nangu
New Contributor

Access to blocked sites through Google Translate

Hi, I have blocked sites by category and app control, but users still access these sites by using Google Translate. I can block access to Google Translate by a filter, but they bypass the filter by HTTPS. My unit is a FG 80C fw version 4.0 MR3 patch 8, and if I enable HTTPS inspection I get a lot of SSL errors and certificate import is not an option. Is there a workaround to stop users accessing blocked sites via Google Translate? Thanks in advance.

EDIT: The "Google Translate" method seems to work only on Chrome. With IE and Firefox the blocked pages are not shown by using Google Translate. Weird thing.
drak
New Contributor III

You can activate SSL Inspection and only check the website CN (hence preventing all the crazy certificate warnings that you're getting), here's how: http://docs.fortinet.com/uploaded/files/1705/fortigate-https-webfiltering-without-ssl-deep-scan-50.p...

 

Also, if you DO want Deep Inspection (Full SSL Inspection) you can use the procedure outlined here: http://cookbook.fortinet.com/preventing-certificate-warnings/

 

If you have a big network and Active Directory you can also distribute the CA certificate using GPOs.

Dave_Hall
Honored Contributor

SSL inspection won't work in this case because Google translation uses Google's wildcard security certificate.

 

There is an application filter for "google.translate" that you could try adding to your existing app sensor that covers web traffic. Set the filter to block.

 

Alternately, you could try the old-school method by blocking the site via FQDN. NSlookup shows translate.google.com resolves to www3.l.google.com (with about 12 IP addresses), it may work. Create an FQDN address label for the site, create the firewall policy, then move it up the firewall chain so it can get triggered.

 

 

Edit: Never tried to block translate.google.com by FQDN before, so I am hoping this method doesn't block legitimate Google traffic.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

simonorch
Contributor

I'd seriously consider upgrading to 5.2.2 or at least 5.0.9 if for no other reason than using the much improved SSL inspection capabilities for webfiltering.

NSE8
Fortinet Expert partner - Norway

Dipen
New Contributor III

I remember from my pre-Fortinet days 4-5 years ago. Google Translate bypass used to work for other URL filters also, like WebSense.

I just had a look and I am able to bypass Filtering using Google Translate.

Ahead of the Threat. FCNSA v5 / FCNSP v5

Fortigate 1000C / 1000D / 1500D

 

pcraponi

Dipen wrote:

I remember from my pre-Fortinet days 4-5 years ago. Google Translate bypass used to work for other URL filters also, like WebSense.

I just had a look and I am able to bypass Filtering using Google Translate.

This was fixed on 5.2.2

Regards, Paulo Raponi
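
Added example (not part of any post in this thread): one way to check web-filter or proxy logs for the Google Translate bypass discussed above. It assumes the full request URL is logged (plain HTTP, or HTTPS with deep inspection), a constructed "user URL" log format, and that the translated page is named in the `u` query parameter on the hosts listed; the domains and users are made up.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: hosts that serve a translated copy of the page named in "u".
TRANSLATE_HOSTS = {"translate.google.com", "translate.googleusercontent.com"}

def _with_scheme(value):
    """Prefix http:// when a URL was logged or passed without a scheme."""
    return value if value.lower().startswith(("http://", "https://")) else "http://" + value

def embedded_target(url):
    """Return the hostname fetched through the translator, or None."""
    parts = urlsplit(_with_scheme(url))
    if (parts.hostname or "").lower() not in TRANSLATE_HOSTS:
        return None
    values = parse_qs(parts.query).get("u")  # parse_qs also URL-decodes
    if not values:
        return None  # text translation, no proxied page
    return (urlsplit(_with_scheme(values[0].strip())).hostname or "").lower() or None

def is_blocked(host, blocked):
    """True if host or any parent domain is on the blocked list."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def find_bypass(log_lines, blocked):
    """Return (user, target_host) for each translated request to a blocked site."""
    hits = []
    for line in log_lines:
        fields = line.split(None, 1)
        if len(fields) != 2:
            continue  # skip blank or malformed lines
        host = embedded_target(fields[1].strip())
        if host and is_blocked(host, blocked):
            hits.append((fields[0], host))
    return hits

# Constructed sample data, not taken from the thread.
SAMPLE_LOG = [
    "alice https://translate.google.com/translate?sl=auto&tl=en&u=http%3A%2F%2Fgames.example.net%2Fplay",
    "bob https://translate.google.com/?sl=fr&tl=en&text=bonjour",
    "carol http://translate.googleusercontent.com/translate_c?hl=en&u=blocked.example.org/page",
    "dave https://www.google.com/search?q=translate",
    "erin https://translate.google.com/translate?u=https://intranet.example.com/",
]
BLOCKED = {"example.net", "blocked.example.org"}

if __name__ == "__main__":
    for user, host in find_bypass(SAMPLE_LOG, BLOCKED):
        print(f"{user} reached blocked site {host} via translate")
```

Without deep inspection only the certificate name is visible for HTTPS requests, so this check sees nothing for that traffic.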
