Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mperez
New Contributor

Block https sites whitout ssl inspection

Hi!

We want to block the https pages but for this you need to activate ssl inspection option

At this moment we have it configured in this way:

 

And a web filter with manual URLs filter(like *netflix*) but the https websites are not blocked

Do you know how I can block https sites whitout ssl inspection ? We use v 6.04

 

Thanks! 

2 REPLIES 2
Iescudero
Contributor II

Hello!

You can block the port TCP 443 specifically, which is the default for HTTPS.

it's better that you block all ports including 443 and only enable that you will use.

 

Bye!

 

emnoc
Esteemed Contributor III

You block by SNI and no you do not need to  do full-ssl-inspection

https://kb.fortinet.com/kb/documentLink.do?externalID=FD34661

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Labels
Top Kudoed Authors