Description

This article describes how to troubleshoot safe search feature which is not working in Chrome browser but works in other browser like Firefox.

Scope

FortiGate.

Solution

To use safe search, it is necessary to enable SSL deep-inspection on the respective firewall policy.
However, it is possible to notice intermittently that the safe search is not enforced in Google Chrome, but it works in other browsers like Mozilla Firefox.

1. Ensure google.com is not exempted from SSL Inspection under Security Profiles -> SSL/SSH Inspection -> profile name. 
2. Check if there are any application control profile configured on the firewall policy along with the web filtering profile where safe search is enabled.
3. If no application control profiles are configured, configure an application control profile (the default profile is also fine) and block QUIC application in the application control profile, and use that profile in the firewall policy.

4. Once the QUIC application is blocked in the application control profile and applied the same in the firewall policy, it is possible to enforce safe search completely with the help of SSL deep-inspection in the Chrome browser.
   
   

Note.
Using the deep-inspection profile can cause certificate errors. For information about avoiding this, see Preventing Certificate warnings.

Related articles:

Technical Tip: Safe Search feature in FortiOS and ... - Fortinet Community

Technical Tip: Configuring SafeSearch for Google a... - Fortinet Community

Technical Tip: Safe Search is not enforced and exp... - Fortinet Community