We have got a FortiGate 50E with firmware v5.4.4 on NAT mode/Proxy based. I would like to restrict my network users to block the upload of data on a specific website. AnyOne here can help me implement this? Specifically, block upload to github.com, any help is appreciated!!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
C:\Users\varuvaiprjan>nslookup Default Server: globaldc.svsglobal.com Address: 10.1.1.1
> github.com Server: globaldT.ITglobal.com Address: 10.1.1.1
Non-authoritative answer: Name: github.com Addresses: 192.30.253.112 192.30.253.113
Thanks & Regards
Asus
SriramPrakash wrote:
[ol]check in Web Rating Overrides And then block those sites using those web filter based on Category that you may find it web filter For GitHub it comes under General interest-Bussiness block those categories or else uses those FQDN to Block And then us nslookup to check C:\Users\varuvaiprjan>nslookup Default Server: globaldc.svsglobal.com Address: 10.1.1.1
> github.com Server: globaldT.ITglobal.com Address: 10.1.1.1
Non-authoritative answer: Name: github.com Addresses: 192.30.253.112 192.30.253.113
Use resolving address to block those IP by creating deny policy if any doubt ping me [/ol]
I also have the same need to block github data uploads.
I am not quite sure where to do it wrong, application control can only be recognized as github, and is not recognized as Github_File.Upload. So blocking is invalid
The windows system has imported the certificate generated by the firewall. The browser accessing the web page can already see that the authenticated intermediate device is a firewall. But I am not sure if the client of github can be decrypted normally. What should I do?
Application control sensors are processed from top-down, so the Github.file.Upload sensor block should be on top. Mind you, if you are using security certificate inspection, fgt may not detect what is happening in that encrypted tunnel.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Dave Hall wrote:Application control sensors are processed from top-down, so the Github.file.Upload sensor block should be on top. Mind you, if you are using security certificate inspection, fgt may not detect what is happening in that encrypted tunnel.
[attachImg]https://forum.fortinet.com/download.axd?file=0;172576&where=message&f=Github-upload.JPG[/attachImg]
Hi,
What is your software version? How can I choose Github_File.Upload separately? I choose Github_File.Upload will definitely depend on Github. My software version is v6.0.4
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.