FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article explains how to block the Google+ (Google Plus) social network access with the FortiGuard webfiltering feature.
FortiOS firmware version 4.00 MR3
FortiOS firmware version 5.0.x
When "Social Networking" is configured as blocked in the FortiGate GUI FortiGuard categories, it will still be possible to browse Google+ websites. This is because Google+ uses Google wildcard cert (*.google.com).
To ensure that a FortiGate unit is able to block Google+ access, it is necessary to enable the "Enable Deep Scanning" in Protocol Options:
1) Policy > Policy > Protocol Options 2) Edit the Protocol Options profile 3) Enable "Enable Deep Scanning" in HTTPS 4) Click "Apply"
Ensure that the outbound firewall policy associates with the correct "Protocol Options" profile after enabling UTM.
Internal Notes This KB article should be maintained by: TAC Articles with very similar or duplicate content exist: none Content of this KB article could be integrated to another article: FD33427, FD33409, FD31710, FD33511 Is this article relevant to currently supported product versions: yes What currently supported versions is this article relevant to: 4.3/5.0 Is this article ONLY relevant to non-supported versions: no If this article was written for an unsupported version, can it be modified/updated for a supported one: no Is this topic already documented in TechDocs: no Do you propose this article to be discontinued/moved to internal KB area: no Article was rewritten, as a result of this evaluation: no Changes done: none Other remarks and recommendations: Date this article was evaluated: 2013-03-27 Evaluated by: (Max POKAM, email@example.com - TAC Sophia, l2-preferred-accounts)