WSS agent installed
Users cannot access sub domains under www.fortiguard.com or www.fortinet.com sites. Example sub domains: (https://metal.fortiguard.com, https://docs.fortinet.com) - browser simply times out and returns standard connectivity error.
Same users can get to any other sites they are permitted to go to without problems
Tried adding domains to SSL interception exception without any change in behaviour
Client Firewall Service (CFS) license active
Client Firewall Service enabled and blocking access to all Fortinet domains
Bypass fortiguard.com and fortinet.com domains when CFS license enabled
PCAPs showed requests for these domains coming into WSS environment but not reaching the WSS Proxy
Identified that the block appeared on the CFS nodes - can see request come in, but not go out
CFS rules only allow requests to these domains if they originate from CFS server and not routed through
Updated CFS devices in 2022 will not have this limitation.