Skip to main content
damianhlozano
damianhlozano
Explorer II
November 19, 2025
Solved

Application control is not blocking browsers

  • November 19, 2025
  • 2 replies
  • 771 views

Hello team!!!

 

My boss asked me to block Internet access for Firefox and Opera browsers in a Fortigate 60F :( with version 7.6.4

In an application control, which is like the "default" (All categories as "Monitor"), I added an application override, to block the following apps:

* HTTP.BROWSER_Opera

* HTTP.BROWSER_Opera.Mini

* Opera.Turbo

* Opera.Update

* Opera.VPN

* Firefox.Update

* HTTP.BROWSER_Firefox

 

(All applications found with the words "Opera" and "Firefox")

I applied the application control to a policy for the test machine, and when I tested, I still could use any browser.

The policy has applied the default "certificate-inspection" profile as "SSL Inspection"

Does this needs to use full inspection?

Do you know why both browser are still working?

Is there another way to block these browsers from the Fortigate?

 

I know this is better to block the application from the computer or from a centralized solution, but I need to know if is this possible to accomplish this with the Fortigate

 

Thanks in advance.

Regards,

Damián

 

Best answer by hpenmetsa

Hi Damián,
To accurately identify the browser client, it is recommended to enable a deep inspection SSL profile on the Firewall policy.  Please refer to the following article
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-force-a-client-to-use-a-specific-web/ta-p/263233

Thanks

2 replies

RBA
Staff
RBA
Staff
November 20, 2025

Hello,

I would suggest using policy in proxy inspection mode with deep inspection enabled. Application control and IPs profile can be applied to block the signatures. 

 

    damianhlozano
    damianhlozanoAuthor
    Explorer II
    November 20, 2025

    Thanks RBA,

    I will try to find out how to set the policy in proxy inspection mode with 7.6.4

    I also will try with and without full inspection, but we cannot use deep inspection here.

    I will tell you later

     

    Regards,

    Damián

    damianhlozano
    damianhlozanoAuthor
    Explorer II
    November 20, 2025

    Hello!!

     

    I didnt find how to configure a policy in proxy inspection mode in 7.6.4.

    Anyway I tried with deep inspection and worked.

    Is there a way to block browser from the Fortigate, without using deep inspection?

     

    Thanks.

    Regards,

    Damián

    hpenmetsa
    Staff
    hpenmetsaAnswer
    Staff
    November 24, 2025

    Hi Damián,
    To accurately identify the browser client, it is recommended to enable a deep inspection SSL profile on the Firewall policy.  Please refer to the following article
    https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-force-a-client-to-use-a-specific-web/ta-p/263233

    Thanks

    damianhlozano
    damianhlozanoAuthor
    Explorer II
    November 25, 2025

    I didnt see this article when I was searching information

    Thank you Hpenmetsa!!!

    I will deploy deep inspection!!

     

    Regards,

    Damián

    Terms & ConditionsAccessibility statement