Description
This article describes how to exempt government categories from deep inspection profiles.
Scope
FortiGate
Solution
There can be a case when the government websites do not work and can throw any error.
Example.
'This Site can’t be reached or any related.'
This can be due to the deep inspection which has been applied in the internet policy and it is necessary to exempt the government category from the deep inspection profile.
Follow the below steps to exempt the Govt category from the Deep inspection profile:
- Go to Security Profiles -> SSS/SSL Inspection.
- Check the deep inspection profile which is applied and edit it.
- Go to the section exempt from SSL Inspection as below:
- Select 'OK' to save the changes.
- Now, test the govt. website in private window ie Incognito Mode or else clear the session for the user IP and then test.
- Clear the session for user IP:
- Now, test the govt. website in private window ie Incognito Mode or else clear the session for the user IP and then test.
- Clear the session for user IP:
# diag sys session filter src x.x.x.x <----- x.x.x.x is user PC IP.
# diag sys session clear
# diag sys session clear
If there is still a concern, it is possible to manually allow the website with a URL web filter profile.
For further issues, create a web ticket in the support portal to troubleshoot further.
Related document.
https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/13383/creating-a-web-filter-profile
https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/13383/creating-a-web-filter-profile
