FortiGate
AnthonyH
Staff
Article Id 327537
Description This article describes how the SSL Inspection profile may be exempting Google search, causing the web content filter to allow a banned word instead of blocking it.
Scope FortiGate.
Solution

Banned words may be allowed through the web content filter when searching from Google because the SSL Inspection profile used in the firewall policy exempts Google domains from inspection. Exempted HTTPS traffic is not decrypted, so the content filter cannot see the search content.

 

Navigate to Policy & Objects -> Firewall Policies. Locate the firewall policy that has been configured to use the web filter profile.

 

Security_profiles.png

 

Edit the SSL Inspection profile being used, in this example, 'custom-deep-inspection'.

 

Review the Exempt from SSL Inspection section and make sure that Search Engines and Portals is removed from the web categories and that the Google FQDN is removed from the addresses.

 

Exempt_from_SSL_Inspection.png

 

To check the exempt list in the CLI: 

 

config firewall ssl-ssh-profile
    edit custom-deep-inspection
        config ssl-exempt
            show | grep category -f
                config ssl-exempt
                    edit 33
                        set fortiguard-category 41    <--- Search Engines and Portals.
                    next
                end
            delete 33    <--- Delete entry 33 from the exempt list.
        end
end
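The same check can be run offline against a saved configuration backup. The following Python function is an added example, not part of the original article or of any Fortinet tooling: it lists ssl-exempt entries that set FortiGuard category 41 or reference an object with "google" in its name. The sample configuration, entry 34 and the address object name google-fqdn are constructed for illustration.

```python
import re

# Constructed sample in the layout of a FortiGate config backup; entry 34 and
# the address object name "google-fqdn" are made up for this example.
SAMPLE = '''\
config firewall ssl-ssh-profile
    edit "custom-deep-inspection"
        config ssl-exempt
            edit 1
                set fortiguard-category 31
            next
            edit 33
                set fortiguard-category 41
            next
            edit 34
                set type address
                set address "google-fqdn"
            next
        end
    next
end
'''

EXEMPT = ["firewall ssl-ssh-profile", "ssl-exempt"]  # nesting of the exempt list

def find_search_exemptions(config_text, category="41", name_hint="google"):
    """Return (profile, entry_id, setting) for each ssl-exempt entry that exempts
    the given FortiGuard category or an object whose name contains name_hint."""
    findings, stack, profile, entry = [], [], None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])      # enter a config block
        elif line == "end" and stack:
            stack.pop()                              # leave the current block
        elif m := re.fullmatch(r'edit "?([^"]+)"?', line):
            if stack[-1:] == EXEMPT[:1]:
                profile = m.group(1)                 # SSL inspection profile name
            elif stack[-2:] == EXEMPT:
                entry = m.group(1)                   # exempt entry id
        elif stack[-2:] == EXEMPT and (m := re.fullmatch(r'set (\S+) "?([^"]+)"?', line)):
            key, value = m.groups()
            if (key == "fortiguard-category" and value == category) or (
                    key != "type" and name_hint in value.lower()):
                findings.append((profile, entry, f"{key} {value}"))
    return findings

if __name__ == "__main__":
    for finding in find_search_exemptions(SAMPLE):
        print(finding)
```

Each finding names the profile and the entry ID to review and, if appropriate, delete from the exempt list as shown in the CLI steps above.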

 

When testing by searching for the banned word 'Reddit' on Google, the search is blocked by the configured content filter:

 

banned_word_blocked.png