Description

This article describes the steps to restrict the Doodle Games on a search term, like Pacman, Snake and so, on by using deep inspection.

Scope

FortiGate.

Solution

Using a Web-Filter proxy-based profile with the Games category as blocked, is not enough to deny the Doodle Games, as in a search term is possible to play games like 'Pacman'.

To avoid this behavior, and to restrict this kind of game it is recommended to perform the following configuration:

1. Configure a Web-Filter profile type Proxy-Based with the category 'Games' as Blocked.

2. Configure a Static URL Filter with the wildcard domains: '*fnbx*', '*gstatic*' and '*snake*' action 'Block'.

    

   

    

    

3. Configure an App Control profile with the 'Games' category blocked and add a filter blocking the QUIC protocol.

    

   

    

    

4. On the final PC, install the deep-inspection SSL Certificate 'Fortinet_CA_SSL' on the Trusted Root Certification Authorities.

    

   

    

    

5. Finally, apply the Web-Filter, App Inspection, and deep-inspection profiles on the Firewall Policy to outgoing to the Internet.

    

   

    

   After applying the configuration suggested, the Doodle Games are being restricted.