Skip to main content
Grumman
Grumman
New Member
September 9, 2015
Solved

Block HTTPS website on Google Chrome

  • September 9, 2015
  • 3 replies
  • 14514 views

Hello,

 

I have sucessfully managed to block http and https traffic on my Fortigate 100D but for some reason, if I open Google Chrome, all blocked HTTPS sites are accessible wile HTTP sites remain blocked !!!

 

I tried with Safari and Firefox and both HTTP & HTTPS sites are blocked...

 

Is there any reason why Chrome is bypassing the firewall settings?

 

The settings on the firewall are:

SSL/SSH Inspection ON, blocking HTTPS traffic

WebFilter ON, blocking all websites (* wildcard - deny) and allowing only 3 specific ones.

IPv4 Policy that incorporates the above rules.

    Best answer by emnoc

    The diag debug flow is your best friend, run the command and with a filter on chrome and non-chrome client ipv4:port . If I had to  guess, one of the following is taking place

     

    [ul]
  • The fw-policy is not correct or being match for the traffic from  the client(s)
  • The chrome client is using some external HTTPS proxy that the firewall is not matching ( i.e x.x.x.x port 8888 or 8123 or etc....)[/ul]

     

     

    For example on running  diag debug flow, search here on this forum.

     

     

    • 3 replies

    emnoc
    emnocAnswer
    New Member
    September 9, 2015

    The diag debug flow is your best friend, run the command and with a filter on chrome and non-chrome client ipv4:port . If I had to  guess, one of the following is taking place

     

    [ul]
  • The fw-policy is not correct or being match for the traffic from  the client(s)
  • The chrome client is using some external HTTPS proxy that the firewall is not matching ( i.e x.x.x.x port 8888 or 8123 or etc....)[/ul]

     

     

    For example on running  diag debug flow, search here on this forum.

     

     

    • Grumman
    GrummanAuthor
    New Member
    September 9, 2015

    Thank you for your swift reply and suggestions.

     

    I tried to replicate this on my machine and it does the same thing...

    Traffic from all browsers is blocked except from Chrome...

    I have no proxy setting on Chrome or any other browser...

    Is Chrome using some built in SSL/SSH proxy of some sort that fortigate can't catch?

    emnoc
    emnoc
    New Member
    September 9, 2015

    The diag debug flow is your best friend

     

    see the above & stop guessing

     

    Terms & ConditionsAccessibility statement