Hi Guys
I've configured an Application Control sensor, switched on the Replacement message, enabled deep-packet inspection etc and blocked GMail - but rather than getting a nice "This is blocked" message, the browser receives nothing.
Does the Replacement Messages not work with HTTPS traffic, even with Deep Packet inspection on?
Thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
*Bump*
I was wondering the same thing? Any information on this? I'm having trouble getting a concrete answer.
Thanks
Which version of FortiOS are you running?
If you're running 5.4.x, is the FortiGate in flow mode or proxy mode?
App Control is run in flow mode regardless of whether the FortiGate is in "proxy" mode.
What other profiles are on the security policy?
Per the FortiOS documentation, you can run into problems with replacement messages not showing up if your policy has a proxy-mode Web Filter along with the (flow-mode) App Control.
My recent tests of this in 5.4.1 and 5.4.2 showed the replacement messages getting through properly, even with this configuration, but that doesn't guarantee it will work in all cases. Discussion of this is in this post: https://forum.fortinet.com/tm.aspx?m=135666&mpage=2.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1634 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.