Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sazi
New Contributor

Created on ‎04-12-2013 07:43 AM

Block HTTPS sites by URL

[using FortiGate 100D v5.02] I setup the WebFilter to block some categories, like Social Networking. If a user tries to access using HTTP it works fine, blocking the access. But if the user tries using HTTPS, the access is allowed. I read about the necessity to use SSL Inspection, but if I activate it, i get some errors about certificate. Then, I found this option inside UTM >> WebFilter: What does this option ? With this, I could block URLs access without using HTTPS Inspection ?? In my site, is not necessary Inspection under SSL Content, I just would like to block the access to websites via HTTPS...
18823
0 Kudos
19 REPLIES 19
SimplicityForce
New Contributor

Created on ‎04-12-2013 04:36 PM

I have been trying out the DNS Inspection Mode for a similar situation, and it seems to be working pretty well. You may want to give this a try. The only caveat is that you need to use the FortiGuard DNS servers, which may not be as fast or reliable as your current servers. I use the FortiGuard servers as forwarders for internal DNS with no issues yet. I hope this is helpful.
4296
0 Kudos
sazi
New Contributor

Created on ‎04-15-2013 05:58 AM

I' m already using FortiGuard DNS. I found this documentation, but I' m not sure if is it what you said. http://docs.fortinet.com/fos50hlp/50/index.html#page/FortiOS%205.0%20Handbook/UTM.005.12.html Best regards.
4296
0 Kudos
SimplicityForce
New Contributor
In response to sazi

Created on ‎04-15-2013 06:22 AM

You activate DNS inspection under UTM >> WebFilter >> Profile Inspection Mode: DNS
4296
0 Kudos
okidoki99
New Contributor

Created on ‎04-19-2013 07:40 AM

Hi there, I also have issues with blocking https sites. web filtering for youtube and facebook is ok, but as soon as I enter https:// it will pass my filters. My device is an: Fortigate 111C v5.0,build0179 (GA Patch 2) Can someone give me a check list of what do I need to have configured so it works?
Preview file
45 KB
4296
0 Kudos
okidoki99
New Contributor

Created on ‎04-19-2013 07:41 AM

I did not figure out how to add more pictures so I will reply with 2 more...sorry for that
Preview file
167 KB
4296
0 Kudos
okidoki99
New Contributor

Created on ‎04-19-2013 07:41 AM

last one
Preview file
91 KB
4296
0 Kudos
Staplewire
New Contributor

Created on ‎04-19-2013 07:53 PM

I' ve been working on this problem also. This setup seems to work for me for facebook, youtube and twitter (http and https):
Preview file
70 KB
4296
0 Kudos
Staplewire
New Contributor

Created on ‎04-19-2013 07:54 PM

For youtube, you can still access the page in https but the movies won' t play.
4299
0 Kudos
okidoki99
New Contributor

Created on ‎04-22-2013 02:53 AM

facebook and youtube seems to work (i can access the page but have error on play for every movie) is there any way to get rid of that page with the certificate being expired, even on google page?
4299
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.