AssistCall
New Member
June 3, 2024
Solved

Fortinet Override Content Filter


Hi

So we are testing deep SSL inspection and have a policy set up with our own cert (tried it with the default as well).

If I go to a site that is outside of the allowed categories on the web filter, I get the usual FortiGuard Intrusion Prevention blocked page with the options to have the page re-evaluated or override.

The page shows it's connected by HTTPS and has a valid certificate.

If I click on override I'm taken to the same URL but on port 8015,

e.g.: https://www.cdn-national-lottery.co.uk:8015/ovrd?fblob=UE-1

but this site returns a "This site can't provide a secure connection" and ERR_SSL_PROTOCOL_ERROR; on closer "inspection" (cough) it doesn't seem to have a certificate against the site.

I can't see how the initial page has a valid Certificate but the 8015 port override page doesn't have a cert, any ideas?

If I change the 8015 URL to HTTP, it then loads the page.

Login to override gets to http on port 8015 with ERR_EMPTY_RESPONSE and "This page isn't working at the moment".

Best answer by pminarik

Thanks. Can you please retry with the Kyber cipher support disabled in your browser? It might be an issue with that.


chrome://flags/#enable-tls13-kyber

-> disable the option -> restart the browser (close all windows) -> try again


(I'm assuming this is something Chromium-based)
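One way to check the Kyber hypothesis above without touching browser flags (an added diagnostic, not from the thread or from Fortinet): Chrome's hybrid X25519Kyber768 key share makes the TLS 1.3 ClientHello larger than a 1500-byte MTU, so it arrives as two TCP segments, which some TLS listeners mishandle. The probe below sends a classic-sized and a Kyber-sized ClientHello (padded with the TLS padding extension; the X25519 key share is random bytes and the handshake is never completed) to a host and port given on the command line and reports whether a ServerHello, an alert, or nothing comes back. An override listener that answers the small hello but drops the large one points at the same cause the answer suggests.

```python
import os
import socket
import struct
import sys

def _ext(ext_type: int, data: bytes) -> bytes:
    """Encode one TLS extension: type, length, data."""
    return struct.pack("!HH", ext_type, len(data)) + data

def build_client_hello(sni: str, total_size: int) -> bytes:
    """TLS 1.3 ClientHello record offering only an X25519 key share, padded
    (extension 21) so the whole record is exactly total_size bytes whenever
    that is larger than the unpadded hello."""
    host = sni.encode()
    exts = (_ext(0, struct.pack("!HBH", len(host) + 3, 0, len(host)) + host)  # server_name
            + _ext(43, b"\x02\x03\x04")                                      # supported_versions: 1.3
            + _ext(10, b"\x00\x02\x00\x1d")                                  # supported_groups: x25519
            + _ext(13, b"\x00\x06\x04\x03\x08\x04\x08\x07")                  # signature_algorithms
            + _ext(51, b"\x00\x24\x00\x1d\x00\x20" + os.urandom(32)))        # key_share: random x25519 pubkey
    body = (b"\x03\x03" + os.urandom(32)                 # legacy_version, random
            + b"\x20" + os.urandom(32)                   # legacy_session_id (middlebox compat)
            + b"\x00\x06\x13\x01\x13\x02\x13\x03"        # cipher_suites: AES-GCM x2, ChaCha20
            + b"\x01\x00")                               # compression_methods: null
    overhead = 5 + 4 + len(body) + 2 + len(exts)         # record hdr + hs hdr + body + ext len + exts
    exts += _ext(21, b"\x00" * max(0, total_size - overhead - 4))  # padding ext (4 = its own header)
    hs = body + struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(hs).to_bytes(3, "big") + hs       # HandshakeType client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs  # record: handshake, legacy version 1.0

def classify(first_bytes: bytes) -> str:
    """Interpret the first bytes the server sends back after our ClientHello."""
    if not first_bytes:
        return "no-response"                 # peer closed without sending any TLS record
    return {0x16: "server-hello", 0x15: "tls-alert"}.get(first_bytes[0], "not-tls")

def probe(host: str, port: int, total_size: int, timeout: float = 5.0) -> str:
    """Connect, send one ClientHello of the given size, report the first reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_client_hello(host, total_size))
            return classify(s.recv(5))
    except OSError as e:                     # reset, refused, or read timeout
        return f"error: {type(e).__name__}"

if __name__ == "__main__":
    host, port = sys.argv[1], int(sys.argv[2])   # e.g. the override host and 8015
    # 512 B resembles a classic hello; 1800 B resembles Chrome's hybrid Kyber hello,
    # which exceeds a 1500-byte MTU and is delivered as two TCP segments.
    for size in (512, 1800):
        print(f"{host}:{port} ClientHello {size} B -> {probe(host, port, size)}")
```

Compare the two results against port 443 on the same host, where deep inspection already presents a valid certificate, to separate a listener problem on 8015 from a path problem.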

2 replies

AssistCall
New Member
June 3, 2024

So if I start Fiddler, it adds its own certs, which then means the override site on port 8015 has a cert, which means the browser actually loads the page, and everything from then on works as expected and I can log in and override my content filter ...


I don't understand how the override page on port 8015 doesn't have a certificate applied; is there a way to manually force a certificate?

Other SSL websites show the Fortinet-applied certificate correctly for deep SSL inspection.

pminarik
Staff
June 3, 2024

Can you clarify a few points?
What is the FortiOS firmware version?

Are you using proxy-mode or flow-mode inspection?
If flow-mode, please specify the IPS engine version (GUI: System > FortiGuard > License Information -> Intrusion Prevention -> IPS engine)

AssistCall
New Member
June 3, 2024

v7.0.14 build 601

Flow Based Content Filter

IPS Engine version : Version 7.00180

