Fortigate uses some default Ports to show the Web Filter Block Override error to users :

These ports are the next:

    Port 8008 is used by the FortiGate to authenticate with FortiGuard when a http override request occurs (FortiGuard web filter http override authentication)
    Port 8010 is used by the FortiGate to authenticate with FortiGuard when a https override request occurs (FortiGuard web filter https override authentication)
    Port 8020 is used by the FortiGate for FortiGuard web filter warning authentication.

We had this displaying externally for users , however this should only be an internal error message. Also the Web Filter Block Override page did not have the HSTS Website Headers 🙁

The Virtual IPS had not been setup with any Port Forwarding so it was forwarding this Port even though there was not Rule on the fortigate policy

Changing the Virtual IP”s to only allow specific Ports via port forwarding fixed this