Fortinet Forum
mastermind
New Contributor

Obstructive replacement message overlay

We are using web filter profiles on our FortiGate to block access to social networking sites (Facebook, Twitter, etc.). These sites are being blocked as intended, but the issue is that when other allowed websites try to bring in content such as Facebook comments, “like” buttons, etc., the page gets overlaid with the “FortiGuard Block Page” replacement message, which obstructs the website content. This becomes a big deal for our users, as many websites are unusable until the FortiGate replacement message times out after approximately 90 seconds and the overlay disappears. I’m wondering if anyone has come across this issue and if there are any ideas on how to make the replacement message only appear if someone tries to directly access a social networking site, and just silently block social networking content brought in from allowed sites. Thanks everyone!
Ralph1973
Contributor

Hello Mastermind ;-) I was thinking, maybe you can 'play' with both webfilter and application filter. In application filter you can block Facebook applications themselves instead of URL filtering like *facebook* as a wildcard.
Kind regards,
Ralph Willemsen
Arnhem, Netherlands.
Phill_Proud
New Contributor

You could also potentially look at editing the replacement messages with a simple text message that might be less intrusive.
Faulty_Male
New Contributor III

I’m wondering if anyone has come across this issue and if there are any ideas on how to make the replacement message only appear if someone tries to directly access a social networking site, and just silently block social networking content brought in from allowed sites
We have exactly the same issue and have raised a TAC request for this. I'll update when I get a response.
Faulty_Male
New Contributor III

One of our guys fixed this today - here is the solution:
Block Social Networking - under web filter profile
Tick Enable Website Filter - under the policy above
Add the following entry: www.facebook.com/plugins/like.php, Simple, Exempt, Enable
Save & retest
This should show the button but block if it is clicked. Let me know how you get on.
mastermind
New Contributor

Thank you everyone for your replies!
I was thinking, maybe you can 'play' with both webfilter and application filter. In application filter you can block Facebook applications themselves instead of URL filtering like *facebook* as a wildcard.
I have played with the application filter somewhat, but it's not really effective for us as we don't have any sort of SSL inspection going on and most of the social networking traffic is encrypted (I think this is the issue anyway?)
You could also potentially look at editing the replacement messages with a simple text message that might be less intrusive.
This is exactly what I had done, I made a small box that appears saying the content has been blocked and used a little JavaScript to make the message disappear when clicked. :)
One of our guys fixed this today - here is the solution: Block Social Networking - under web filter profile Tick Enable Website Filter - under the policy above Add the following entry: www.facebook.com/plugins/like.php Simple Exempt Enable Save & retest
That's a great suggestion and I have done just that! It has greatly improved the issue and made most sites at least more readable. Thanks again everyone for the input!