While troubleshooting a FortiGate web filter issue, users report that they cannot access any websites, even though those sites are not explicitly blocked by any web filter profiles that are applied to firewall policies. What are the three most likely reasons for this behavior? (Choose three answers)

A. The web filter cache has been cleared causing all websites to take longer to be rated.
B. The SSL/TLS deep inspection was configured but the browsers do not have the FortiGate certificate installed.
C. The webfilter-force-off setting has been enabled under config system fortiguard.
D. The DNS server is unreachable, preventing URL resolution.
E. The FortiGuard Web Filtering license has expired, causing FortiGate to apply the default block action.

Correct Answer: C,D,E

Brave-Dump Clients Votes

CDE 100%

Comments

Brave-Dumps Admin 2025-10-24 15:34:26

Selected Answers: C, D, E

Network Security Support Engineer 7.6 Study Guide pages 257-258

Adam 2026-01-15 07:16:27

Selected Answers: C, D, E

It seems if "webfilter-force-off" is enabled which means web filtering is disabled globally, and we have web filter security profile in matched firewall policy, then that traffic will be blocked as per "https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGate-blocking-traffic-after-integration-with/ta-p/191252".
Any idea why option B is wrong? users should get certificate warning if they don't trust FortiGate CA certificate used for deep inspection which seems matching expression "cannot access any websites" if we consider that users won't bypass the certificate warning.