FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
rsondal
Staff
Staff
Article Id 277674
Description This article describes how to see the block page when trying to block YouTube (or any other site) using application control.
Scope FortiGate.
Solution
  1. Use application control to block YouTube:

 

3.JPG

 

 

  1. Enable the option 'Replacement Messages for HTTP-based Applications' on the same application security profile.

 

8.JPG

 

  1. If application control is used as security UTM (profile) to block YouTube, it is necessary to use deep packet inspection on the policy. If deep packet inspection is not used, it might block it, but it will show that 'This site can't be reached'.

 

2.JPG

 

1.JPG

 

  1.  if deep packet inspection is still used and the certificate is not installed on the user end, it will show this:

 

4.JPG

 

  1. This means it is a certificate issue. At this time it is necessary to make sure to have that deep packet inspection certificate installed on the user end: Technical Tip: How to enable deep inspection and i... - Fortinet Community
  2. To see the block page from here, it is necessary to use deep packet inspection on the policy, also make sure the policy is supposed to be in flow mode only and the certificate should be already installed on the user end as per step 4.

 

6.JPG

 

7.JPG

 

 

Make sure all these steps are correct and if still does not work, contact Fortinet Support:

https://support.fortinet.com/welcome/#/

Contributors