GabrielAuYong_FTNT
Description

This article explains how to block access to the Google+ (Google Plus) social network with the FortiGuard web filtering feature.


Scope
FortiOS firmware version 4.00 MR3
FortiOS firmware version 5.0.x

Solution
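When "Social Networking" is set to blocked in the FortiGuard categories in the FortiGate GUI, it is still possible to browse Google+ websites. This is because Google+ uses Google's wildcard certificate (*.google.com), so without deep scanning the certificate name does not distinguish Google+ from other Google services.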

To ensure that a FortiGate unit is able to block Google+ access, it is necessary to enable the "Enable Deep Scanning" option in Protocol Options:

1) Policy > Policy > Protocol Options
2) Edit the Protocol Options profile
3) Enable "Enable Deep Scanning" in HTTPS
4) Click "Apply"

Ensure that the outbound firewall policy is associated with the correct "Protocol Options" profile after enabling UTM.
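
The following is an added illustration, not code from this article or from FortiOS: a simplified Python model of why the wildcard certificate defeats the category block and why deep scanning fixes it. It assumes that without deep scanning the filter can rate only the certificate name; the category table, function names and the rating shown for *.google.com are constructed for the example.

```python
# Simplified model of HTTPS category filtering (added example, not FortiOS code).
# CATEGORIES is constructed for illustration; real ratings come from FortiGuard.
CATEGORIES = {
    "*.google.com": "Search Engines and Portals",  # assumed rating of the cert name
    "www.google.com": "Search Engines and Portals",
    "mail.google.com": "Web-based Email",
    "plus.google.com": "Social Networking",
}
BLOCKED = {"Social Networking"}


def cert_covers(cert_name, host):
    """Wildcard match: '*' stands for exactly one left-most DNS label."""
    cert_name, host = cert_name.lower(), host.lower()
    if not cert_name.startswith("*."):
        return cert_name == host
    head, _, tail = host.partition(".")
    return bool(head) and tail == cert_name[2:]


def filter_key(host, cert_name, deep_scan):
    """Return what the filter can rate: the certificate name when the session
    stays encrypted, or the requested host once deep scanning decrypts it."""
    if not cert_covers(cert_name, host):
        raise ValueError("certificate does not cover host")
    return host if deep_scan else cert_name


def decide(host, cert_name, deep_scan):
    """Return (action, category) for one HTTPS request."""
    category = CATEGORIES.get(filter_key(host, cert_name, deep_scan), "Unrated")
    return ("block" if category in BLOCKED else "allow", category)


if __name__ == "__main__":
    for deep_scan in (False, True):
        for host in ("www.google.com", "mail.google.com", "plus.google.com"):
            action, category = decide(host, "*.google.com", deep_scan)
            print(f"deep_scan={deep_scan!s:5} {host:16} -> {action:5} ({category})")
```

With deep scanning off, every host under the wildcard certificate gets the same rating, so the "Social Networking" block never matches; with it on, only plus.google.com is blocked.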

Internal Notes
Date this article was evaluated: 2013-03-27
Evaluated by: (Max POKAM, mpokam@fortinet.com - TAC Sophia, l2-preferred-accounts)

