The web filter feature on our enterprise Fortigate firewall has been used to restrict access to malicious websites such as:
Any time a user accesses any of the above restricted websites, they will get a Fortigate message in their web browser.
Obviously, when I disabled the "Web Filter" feature on our NAT rule to the internet, everything started to work again. However, leaving web filter off wasn't really an option. At the back of my mind I knew that restarting the firewall would definitely resolve the issue.
Previously, about a year ago, we had an issue where HTTP stopped working, as well as wifi. We logged a fault with Fortinet support, and in the end we had to kill the self-duplicating antivirus process on the firewall.
You can get a list of processes under global by entering "get system performance top x y":
OSP-1000C (global) # get sys performance top 4 50
Run Time: 4 days, 14 hours and 13 minutes
3U, 0N, 5S, 92I; 7958T, 5672F, 386KF
ipsengine 166 S < 4.4 2.2
ipsengine 165 S < 4.4 2.1
ipsengine 163 S < 2.4 2.2
ipsengine 164 S < 1.9 2.1
miglogd 84 S 1.4 0.5
cw_acd 144 S 0.9 1.7
scanunitd 113 S < 0.9 0.5
proxyworker 115 S 0.4 1.2
scanunitd 5574 S < 0.4 0.5
fcnacd 101 S 0.4 0.1
httpsd 160 S 0.0 1.6
proxyworker 116 S 0.0 1.4
httpsd 180 S 0.0 1.1
updated 158 S 0.0 0.7
src-vis 128 S 0.0 0.5
scanunitd 5570 S < 0.0 0.5
scanunitd 5573 S < 0.0 0.5
pyfcgid 5550 S 0.0 0.4
dsd 157 S 0.0 0.4
cmdbsvr 62 S 0.0 0.4
pyfcgid 5552 S 0.0 0.3
pyfcgid 5553 S 0.0 0.3
pyfcgid 5554 S 0.0 0.3
hasync 124 S < 0.0 0.3
ipshelper 133 S < 0.0 0.3
sslvpnd 111 S 0.0 0.3
sslvpnd 109 S 0.0 0.3
sslvpnd 108 S 0.0 0.3
miglogd 170 S 0.0 0.3
sslvpnd 104 S 0.0 0.2
newcli 5575 R 0.0 0.2
newcli 5513 S 0.0 0.2
httpsd 87 S 0.0 0.2
httpsd 159 S 0.0 0.2
wad 149 S 0.0 0.2
wpad_ac 145 S 0.0 0.2
urlfilter 129 S 0.0 0.2
dnsproxy 136 S 0.0 0.2
wad 112 S 0.0 0.2
fgfmd 143 S 0.0 0.1
iked 114 S 0.0 0.1
forticron 97 S 0.0 0.1
forticldd 99 S 0.0 0.1
authd 100 S 0.0 0.1
snmpd 117 S 0.0 0.1
sshd 5512 S 0.0 0.1
hatalk 123 S < 0.0 0.1
dhcpd 1008 S 0.0 0.1
fnbamd 94 S 0.0 0.1
zebos_launcher 70 S 0.0 0.1
OSP-1000C (global) #
To kill the processes you will need to issue the command "diagnose system kill 5570". Once the processes have all been removed, you can retry.
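To see which process name is multiplying before killing anything, two listings taken a few minutes apart can be compared. The Python sketch below is an added example, not part of the original post or any Fortinet tooling; the snapshot text is constructed, and the row layout (name, PID, state, optional "<", CPU %, memory %) is inferred from the listing above.

```python
import re
from collections import defaultdict

# One process row: name, PID, state, optional "<" flag, CPU%, MEM%
ROW = re.compile(r"^(\S+)\s+(\d+)\s+([A-Z])\s+(?:<\s+)?(\d+\.\d+)\s+(\d+\.\d+)$")

def parse_top(text):
    """Return {process name: set of PIDs}, skipping prompt and header lines."""
    procs = defaultdict(set)
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            procs[m.group(1)].add(int(m.group(2)))
    return dict(procs)

def grown(before, after):
    """Names with more instances in `after`, mapped to their newly seen PIDs."""
    report = {}
    for name, pids in after.items():
        old = before.get(name, set())
        if len(pids) > len(old):
            report[name] = sorted(pids - old)
    return report

# Constructed snapshots (not captured from a device), in the layout shown above.
SNAP_1 = """\
OSP-1000C (global) # get sys performance top 4 50
Run Time: 4 days, 14 hours and 9 minutes
3U, 0N, 5S, 92I; 7958T, 5672F, 386KF
ipsengine 166 S < 4.4 2.2
scanunitd 113 S < 0.9 0.5
scanunitd 5570 S < 0.0 0.5
httpsd 160 S 0.0 1.6
newcli 5513 S 0.0 0.2
"""
SNAP_2 = SNAP_1 + """\
scanunitd 5573 S < 0.0 0.5
scanunitd 5574 S < 0.4 0.5
newcli 5575 R 0.0 0.2
"""

if __name__ == "__main__":
    for name, pids in grown(parse_top(SNAP_1), parse_top(SNAP_2)).items():
        print(f"{name}: new PIDs {pids}")
```

The extra newcli entry is simply a second CLI session; a name whose instance count keeps climbing across several snapshots is the one to raise with support.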