Problem HSTS Webfiltering

Question

Hello !

I've searched an answer to my problem on the forum but didnt found it so i'm posting my own.

My problem is when a computer try to access a webpage which is blocked (e.g. facebook) i have not the Fortiguard who says "Web page blocked!" but an error who says "HSTS problem, someone might be trying to usurp the site. You will not have to continue etc..."

It is only working on IE, coz i guess he didnt have the HSTS check.

I understand that the problem is the fortigate is doing a MITM and so the browser see a wrong CA and so put a warning.

But someone know what can i do to get around that ?

Thanks a lot !

kphed · Answer

Check to see if "set https-replacementmsg" is set to enable or disable within the web filter profile (only present in the CLi and should be at the top before the Fortiguard categories). Depending on what it is set to will determine next course of action...I'll advise further if you reply to this post.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded