Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
lukmal
New Contributor

Blocking tik tok

Hello 

I hope someone can help. 

We have set up application control and web control to block tik tok  on 30E ( 6.2.10 firmware). 

After setup all looked ok ( around half a year ago) . Now it is not working properly.  When you try to access tik tok from Imac safari , it blocks it , but on the phone and ipad App and safari open tik tok.  

We made sure that 4G is off on devices and only WiFi is on.  

Now have tested problem in my office ( thou here we have Fortigate 40F, 7.0.5 firmware) , but if all is set up earlier, there is no problem.  But if you turn off the application control and turn it on if you have safari on ( even without tik tok on) tik tok works . Even thou application control logs show tik tok was blocked. . Same problem with application.  Similar issue is with coming off the 4G and getting only to wifi , if you had app on it keeps working.

Tried to block IP’s  but tik tok uses local ranges  , and if you block most popular IP’s it uses , it switches to different ones.

I tried DNS filtering  but that did not work at all.

 

Any suggestions would be appreciated.  

4 REPLIES 4
mgp
Staff
Staff

Hi Lukmal,

 

Please follow these steps and let me know If it works :

 

1.Security profile>>app control>>App and control overrides (create new)

search for tiktok and add the same with right click.

 

If this does not help then go for the second step:

 

2.Use deep-inspection with proxy based policy and make sure to use fortigate certificate on the end user machine. 

lukmal
New Contributor

Hello

ad 1 )   thats the way we have it set up , and even thou videos are loading slow but they do .

ad2) did quick test now , but will need to read up on this one , since after enabling deep packet inspection, clients cant open any https sites. 

umar1
New Contributor

With deep inspection used, do I need to install the certificate on the mobile phones too?

kvimaladevi

Hi Umar,

 

Yes, for deep inspection to work, you will have to import the certificate on the mobile phones too or else you will get certificate error.

you can follow the below link to install the certificate on the mobile phones:

https://community.fortinet.com/t5/FortiGate/Technical-Note-How-to-import-CA-certificates-into-Androi...

Regards,

Vimala