Unable to access Fortinet sites when WSS Agent is active
search cancel

Unable to access Fortinet sites when WSS Agent is active


Article ID: 229581


Updated On:


Cloud Secure Web Gateway - Cloud SWG


WSS agent installed

Users cannot access sub domains under www.fortiguard.com or www.fortinet.com sites. Example sub domains: (https://metal.fortiguard.com, https://docs.fortinet.com) - browser simply times out and returns standard connectivity error.

Same users can get to any other sites they are permitted to go to without problems

Tried adding domains to SSL interception exception without any change in behaviour


Client Firewall Service (CFS) license active

WSS agent


Client Firewall Service enabled and blocking access to all Fortinet domains


Bypass fortiguard.com and fortinet.com domains when CFS license enabled

Additional Information

PCAPs showed requests for these domains coming into WSS environment but not reaching the WSS Proxy

Identified that the block appeared on the CFS nodes - can see request come in, but not go out

CFS rules only allow requests to these domains if they originate from CFS server and not routed through

Updated CFS devices in 2022 will not have this limitation.