CoPilot Blocking in Transparent Proxies - Web Filter Has to Be in Firewall and Proxy Policies

Forum|Forum|2 months ago
March 26, 2026
1 reply
250 views

I'm trying to allow CoPilot in office.outlook.com sessions, but block copilot.microsoft.com in general browser sessions, as well as all other LLMs

My web filter has Artificial Intelligence Technology blocked in the Fortiguard category based filter, and a URL filter:

*.google.com/*udm=50*
*.google.com/*udm=14*
m365.cloud.microsoft
bing.com/chat
copilot.microsoft.com
*.bing.com
copilot.microsoft

I also have an application control profile on the proxy policy, with the GenAI category blocked.

The only way I can get it working is to have the AI blocking web filter in both the the firewall and proxy policies. Having the web filter in just the proxy policy works for most LLMs via browser, except CoPilot.

It works, but I'd like to know why, as this goes against the admin guide on transparent proxies.

https://docs.fortinet.com/document/fortigate/7.6.6/administration-guide/15908/transparent-proxy

I don't like not understanding my firewall's config :(

Best answer by hillsitsupp

Never mind. It was a wildcard SSL inspection exception for microsoft.com that broke it.

Yay for rubber duck debugging with a colleague.

hillsitsuppAuthorAnswer

Explorer

Never mind. It was a wildcard SSL inspection exception for microsoft.com that broke it.

Yay for rubber duck debugging with a colleague.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded