Filter blocks only insecured web sites

Hi,

I recommend you to use a DNS filter if possible as it will block the name resolution itself, and not HTTP or other traffic.

If you want to use a web filter you have to configure ssl inspection (certificate inspection or deep inspection) so the Fortigate can at least check the certificate of the website to check the url, but the browser might present a "certificate warning". This is due to the fact https traffic is encrypted so the Fortigate can't see which site the request is for.

You can also try with a webfilter "*.*:443", but I haven't tried that myself, so I can't promise it'll work.

Good luck,

Johan

I figured out something weird. Fortigate blocks https web sites but not all. For example it's successfully blocks https://itc.ua:

2020-02-14T09:35:04.355876+02:00 192.168.60.2 date=2020-02-14 time=09:35:03 devname="fortigate" devid="xxx" logid="0315012544" type="utm" subtype="webfilter" eventtype="urlfilter" level="warning" vd="root" eventtime=1581665704323571840 tz="+0200" urlfilteridx=1 urlfilterlist="Auto-webfilter-urlfilter_qka27jppz" policyid=15 sessionid=3770186 srcip=192.168.60.17 srcport=5247 srcintf="lan" srcintfrole="lan" dstip=93.183.199.243 dstport=443 dstintf="wan1" dstintfrole="wan" proto=6 service="HTTPS" hostname="itc.ua" profile="exclusions" action="blocked" reqtype="direct" url="https://itc.ua/" sentbyte=517 rcvdbyte=0 direction="outgoing" urlsource="Local URLfilter Block" msg="URL was blocked because it is in the URL filter list" crscore=30 craction=8 crlevel="high"

But it doesn't block https://facebook.com and https://youtube.com at all. I don't understand why the web filter's rule "*" works so selectively. Maybe it's SSL inspection allows requests.