Description
Solution
This article explains how to block web-based chat on Gmail webmail using App Sensor + SSL Inspection.
Solution
1.) Configure Application Sensors Profile.
Go to Security Profile> Application Control> Application sensors.
Go to your application sensor profile ( or create a new profile).
In the application sensor create application sensor policy.
Click “+Create New” which is under “Enable Web Site Filter”.
Set Action as 'BLOCK'.
Click “OK”.
Click Apply.
2.) Create SSL Inspection Policy.
Go to Policy> Policy> SSL Inspection.
Make sure Protocol: HTTPS is checked.
Click “Apply”.
3.) Bind to Policy.
Go to Policy> Policy> Policy.
Select the correct policy.
Enable Application sensor and SSL inspection, and bind it to the correct profile.
Note that if you do not enable multiple security profiles, it would point to the default profile.
Click “OK”
4.) After this has been done, all https traffic which matches the policy will have a warning in certificate in the user’s web browser.
When ssl inspection is enabled, certificate warning would come up for other https sites which is an expected behaviour. To overcome this warning a Fortinet_CA-SSL proxy certificate has to be imported into the Trusted CA section on the browser as per below the related KB article 'Technical Note : Importing the FortiGate SSL Proxy certificate in Internet Explorer 8 (IE8) for decryption on SSL Inspection'.
5.) Open gmail.com and verify that web-based chat feature in gmail is blocked.
A page similar to the one shown below should be seen.
Go to Security Profile> Application Control> Application sensors.
Go to your application sensor profile ( or create a new profile).
In the application sensor create application sensor policy.
Click “+Create New” which is under “Enable Web Site Filter”.
Set Action as 'BLOCK'.
Click “OK”.
Click Apply.
2.) Create SSL Inspection Policy.
Go to Policy> Policy> SSL Inspection.
Make sure Protocol: HTTPS is checked.
Click “Apply”.
3.) Bind to Policy.
Go to Policy> Policy> Policy.
Select the correct policy.
Enable Application sensor and SSL inspection, and bind it to the correct profile.
Note that if you do not enable multiple security profiles, it would point to the default profile.
Click “OK”
4.) After this has been done, all https traffic which matches the policy will have a warning in certificate in the user’s web browser.
When ssl inspection is enabled, certificate warning would come up for other https sites which is an expected behaviour. To overcome this warning a Fortinet_CA-SSL proxy certificate has to be imported into the Trusted CA section on the browser as per below the related KB article 'Technical Note : Importing the FortiGate SSL Proxy certificate in Internet Explorer 8 (IE8) for decryption on SSL Inspection'.
5.) Open gmail.com and verify that web-based chat feature in gmail is blocked.
A page similar to the one shown below should be seen.
Related Articles
