SSL deep inspection, Google and stopping porn
Hi
Fortigate 3240C v5.2.3
As a college I have to make sure that the users can access resources but to restrict them access to sites that they should not have access to. Because of this I have enabled SSL deep inspection, which works really well apart from Google. I have noticed a few Google sites such as Google Drive and Google Classroom that do not work with deep inspection, so I have had to disable it for them. Even though the certificate is correctly deployed to systems, Chrome still complains that it's a possible 'Man In Middle' attack.
I would like to add *.google.com into the bypass list but I can't because some students have worked out how to search for porn using the following link.
Safe search mode is enabled in the web filter, but if I use *.google.com in the bypass list then they can just use the HTTPS site to bypass the web filter. The URL is an example of what some of the students have used to bypass the filter.
Note: this link will display pornographic images, so please do not click on it if you would be offended or it would cause you disciplinary issues.
URL:
So I have had to add the following Google sites to the SSL deep inspection exempt list:
*.google.com/batch
docs.google.com
drive.google.com
gmail.google.com
plus.google.com
As a result the firewall inspects all traffic for Google.com but not the ones above. Has anyone else had similar issues with Google (possibly Bing/Yahoo as well), or is there a better way to do this?
Yes, we do have AUPs in place and students/staff are aware of what they can and can't use the internet for, but I would just like to resolve the issue from a technical point of view if possible.
Thanks for any help
Ian Harrison
