PSA - FortiClient WebFilter only bug and fix

mekelek

Level 28
MH Trial
Joined
Feb 24, 2017
Messages
1,709
OS
Windows 10
Antivirus
Kaspersky
#1
So a few saw my thoughts about FortiClient's UI and one of its bugs that happened to me when I tried adding it to my combo.

So basically when you install ONLY the WebFilter, the Security Risk tab can't be changed, even if you change it manually through config exporting/importing, the UI will change it back to all blocked.


So I gave up on it, but then people said that they don't have this issue.

So I started toying around with it in a VM, installing every module, and voila, issue is gone, since the tab doesn't exist at the WebFilter tab anymore.


Turns out, the Antivirus module is handling it if it's installed, and those annoying pesky "Newly" category blocks are not happening anymore.

I went on the Forti forums but the FortiClient section seems dead, so I'm not sure if they're aware of this UI bug, but now at least I can fully disable the AV module (except web filtering) and use it for the purpose I want it to.

Maybe @Slyguy could forward my findings to the engineers over at Fortinet to fix this bug so I don't have to have the AV module installed. Would appreciate it.
 

Slyguy

Level 34
Joined
Jan 27, 2017
Messages
2,384
OS
Other OS
#2
Indeed the malicious filtration for some reason is tied to the antivirus module in the GUI. I forgot about that issue.

New Domain categories were added in 5.6 to combat malware, ransomware, botnet and state-sponsored attacks because those are incredibly likely to fall under newly registered/newly seen domains.

I'll let the TAC know. 6.0 is in development right now so no idea if they would even consider this a bug to address or just 'the way it is' kind of thing. But I agree, ALL of the web filtration should be merged.
 

mekelek

#3
Webfilter categories are still forced back to Deny, installing the AV module didn't help.
 

Slyguy

#4
So let me wrap my head around this.. With the AV module installed, the 'New' web categories disappear entirely? They should still be there, but under the antivirus settings now, right? Or are they gone completely?

If that's the case, this would be a bug. It probably got missed because the FortiGate/EMS would normally control the filtered categories and push those to the FortiClient so it is looking for that push, and re-enforcing the 'safe' defaults in lieu of the push? For example this is what I see on the Fortigate;

[Attachment: web.png]
 

mekelek

#5
They're gone, fully.
If the AV module is installed, they're gone from the webfilter categories, and AV has no categories.
If the AV module is not installed, they're in the webfilter categories.

In both cases, they can't be changed, they're forced back to Deny whenever you close a UI element.
 
Joined
Aug 17, 2013
Messages
1,508
OS
Linux
Antivirus
Isolation
#6
I definitely need to get myself a Forti Appliance. I'm very impressed with what I've seen and read so far.
 