Skip to main content
nangu
nangu
New Member
April 9, 2014
Question

Access to blocked sites through Google Translate

  • April 9, 2014
  • 3 replies
  • 24360 views
Hi, I have blocked sites by category and app control, but users still access these sites by using google translate. I can block access to google translate by a filter, but they bypass the filter by https. My unit is a FG 80C fw version 4.0 MR3 patch 8, and if I enable https inspection I get a lot of SSL errors and certificate import is not an option. There is a workaround to stop users accessing blocked sites via google translate? Thanks in advance. EDIT: The " google translate" method seems to work only on Chrome. With IE and Firefox the blocked pages are not shown by using google translate. Weird thing.

    3 replies

    drak
    drak
    New Member
    November 28, 2014

    You can activate SSL Inspection and only check the website CN (hence preventing all the crazy certificate warnings that you're getting), here's how: http://docs.fortinet.com/uploaded/files/1705/fortigate-https-webfiltering-without-ssl-deep-scan-50.pdf

     

    Also, if you DO want Deep Inspection (Full SSL Inspection) you can use the procedure outlined here: http://cookbook.fortinet.com/preventing-certificate-warnings/

     

    If you have a big network and Active Directory you can also distribute the CA certificate using GPOs.

    Dave_Hall
    Dave_Hall
    New Member
    November 28, 2014

    SSL inspection won't work in this case because google translation uses google's wildcard security certificate.

     

    There is an application filter for "google.translate" that you could try adding to your exist app sensor that covering web traffic.  Set the filter to block. 

     

    Alternately, you could try the old-school method by blocking the site via FQDN.  NSlookup shows translate.google.com resolves to www3.l.google.com (with about 12 IP addresses), it may work.  Create a FQDN address label for the site, create the firewall policy then move it up the firewall chain so it can get triggered.

     

     

    Edit: Never tried to block translate.google.com by FQDN before, so I am hoping this method doesn't block legitimate google traffic.

    simonorch
    simonorch
    Explorer
    December 2, 2014

    I'd seriously consider upgrading to 5.2.2 or at least 5.0.9 if for no other reason than using the much improved SSL inspection capabilities for webfiltering.

    Dipen
    Dipen
    New Member
    December 3, 2014

    I remember from my pre-Fortinet days 4-5 years ago.Google Translate Bypass used to work for other URL Filters also like WebSense.

    I just had a look and I am able to bypass Filtering using Google Translate.

    pcraponi
    pcraponi
    New Member
    December 3, 2014

    Dipen wrote:

    I remember from my pre-Fortinet days 4-5 years ago.Google Translate Bypass used to work for other URL Filters also like WebSense.

    I just had a look and I am able to bypass Filtering using Google Translate.

    This was fixed on 5.2.2

    Terms & ConditionsAccessibility statement