Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Grumman
New Contributor III

Created on ‎09-09-2015 10:09 AM

Block HTTPS website on Google Chrome

Hello,

 

I have sucessfully managed to block http and https traffic on my Fortigate 100D but for some reason, if I open Google Chrome, all blocked HTTPS sites are accessible wile HTTP sites remain blocked !!!

 

I tried with Safari and Firefox and both HTTP & HTTPS sites are blocked...

 

Is there any reason why Chrome is bypassing the firewall settings?

 

The settings on the firewall are:

SSL/SSH Inspection ON, blocking HTTPS traffic

WebFilter ON, blocking all websites (* wildcard - deny) and allowing only 3 specific ones.

IPv4 Policy that incorporates the above rules.

13755
0 Kudos
1 Solution
emnoc
Esteemed Contributor III

Created on ‎09-09-2015 11:40 AM

The diag debug flow is your best friend, run the command and with a filter on chrome and non-chrome client ipv4:port . If I had to  guess, one of the following is taking place

 

[ul]
  • The fw-policy is not correct or being match for the traffic from  the client(s)
  • The chrome client is using some external HTTPS proxy that the firewall is not matching ( i.e x.x.x.x port 8888 or 8123 or etc....)[/ul]

     

     

    For example on running  diag debug flow, search here on this forum.

     

     

    • PCNSE 

    NSE 

    StrongSwan  

    View solution in original post

    PCNSE NSE StrongSwan
    3668
    0 Kudos
    3 REPLIES 3
    emnoc
    Esteemed Contributor III

    Created on ‎09-09-2015 11:40 AM

    The diag debug flow is your best friend, run the command and with a filter on chrome and non-chrome client ipv4:port . If I had to  guess, one of the following is taking place

     

    [ul]
  • The fw-policy is not correct or being match for the traffic from  the client(s)
  • The chrome client is using some external HTTPS proxy that the firewall is not matching ( i.e x.x.x.x port 8888 or 8123 or etc....)[/ul]

     

     

    For example on running  diag debug flow, search here on this forum.

     

     

    • PCNSE 

    NSE 

    StrongSwan  

    PCNSE NSE StrongSwan
    3669
    0 Kudos
    Grumman
    New Contributor III

    Created on ‎09-09-2015 11:54 AM

    Thank you for your swift reply and suggestions.

     

    I tried to replicate this on my machine and it does the same thing...

    Traffic from all browsers is blocked except from Chrome...

    I have no proxy setting on Chrome or any other browser...

    Is Chrome using some built in SSL/SSH proxy of some sort that fortigate can't catch?

    3606
    0 Kudos
    emnoc
    Esteemed Contributor III

    Created on ‎09-09-2015 02:36 PM

    The diag debug flow is your best friend

     

    see the above & stop guessing

     

    PCNSE 

    NSE 

    StrongSwan  

    PCNSE NSE StrongSwan
    3606
    0 Kudos
    Announcements
    Check out our Community Chatter Blog! Click here to get involved
    Labels
    Top Kudoed Authors
    View all
    Broad. Integrated. Automated.

    The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

    Social Media
    Security Research
    Company
    News & Articles
    Contact Us

    Copyright 2025 Fortinet, Inc. All Rights Reserved.