Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
lukmal
New Contributor

Blocking tik tok

Hello 

I hope someone can help. 

We have set up application control and web control to block tik tok  on 30E ( 6.2.10 firmware). 

After setup all looked ok ( around half a year ago) . Now it is not working properly.  When you try to access tik tok from Imac safari , it blocks it , but on the phone and ipad App and safari open tik tok.  

We made sure that 4G is off on devices and only WiFi is on.  

Now have tested problem in my office ( thou here we have Fortigate 40F, 7.0.5 firmware) , but if all is set up earlier, there is no problem.  But if you turn off the application control and turn it on if you have safari on ( even without tik tok on) tik tok works . Even thou application control logs show tik tok was blocked. . Same problem with application.  Similar issue is with coming off the 4G and getting only to wifi , if you had app on it keeps working.

Tried to block IP’s  but tik tok uses local ranges  , and if you block most popular IP’s it uses , it switches to different ones.

I tried DNS filtering  but that did not work at all.

 

Any suggestions would be appreciated.  

8 REPLIES 8
mgp
Staff
Staff

Hi Lukmal,

 

Please follow these steps and let me know If it works :

 

1.Security profile>>app control>>App and control overrides (create new)

search for tiktok and add the same with right click.

 

If this does not help then go for the second step:

 

2.Use deep-inspection with proxy based policy and make sure to use fortigate certificate on the end user machine. 

lukmal
New Contributor

Hello

ad 1 )   thats the way we have it set up , and even thou videos are loading slow but they do .

ad2) did quick test now , but will need to read up on this one , since after enabling deep packet inspection, clients cant open any https sites. 

umar1
New Contributor II

With deep inspection used, do I need to install the certificate on the mobile phones too?

U
U
kvimaladevi

Hi Umar,

 

Yes, for deep inspection to work, you will have to import the certificate on the mobile phones too or else you will get certificate error.

you can follow the below link to install the certificate on the mobile phones:

https://community.fortinet.com/t5/FortiGate/Technical-Note-How-to-import-CA-certificates-into-Androi...

Regards,

Vimala

MollyLyons
New Contributor

Hi there. It sounds like you're having some difficulty with blocking Tik Tok on your Fortigate 30E. It's definitely a tricky issue, but I'm sure we can figure out a solution. Have you tried using content filtering to block Tik Tok? That might be a good starting point. Maybe guys from Tikdroid (https://tikdroid.com/buy-tiktok-followers) might know the answer. Let us know if you have any other ideas or questions, and I'm sure we can work together to help you find a solution. I hope you figure it out at soon as possible!

groverc07
New Contributor

Hey Guys,

 

Did anyone find solution in blocking the tiktok permanantly?

rodirozmar
New Contributor II

It's wild how TikTok can just wiggle its way through the IP blocks, huh? Those local ranges must be its secret teleportation spots! And kudos for giving DNS filtering a shot, even if it didn't work out. At least you're exploring all the avenues!

I'm no magician, but I really hope you find a way to tame TikTok's mischievous ways. Maybe someone out there has the ultimate trick up their sleeve. Keep your spirits high and your tech tools ready! And hey, if you ever take a breather from tech troubles, feel free to dive into the world of the cheapest SMM panel.

qasimbashir6242
New Contributor III

Hey there,

I totally get your frustration – I've been through a similar situation myself, trying to block specific apps for security and productivity reasons at our workplace. Blocking TikTok can indeed be a challenge due to the dynamic IPs and the myriad ways it's designed to connect.

A couple of thoughts:

Application Control: The fact that the application control logs show TikTok being blocked but it still functions may indicate that only a specific component of the app or website is being flagged and not the entire ecosystem. It might be beneficial to ensure you're up-to-date with the latest application signatures from Fortinet.

Device Specific: The inconsistent results between the iMac and the mobile devices could be due to how different devices handle cached data or even due to different application versions being installed on different devices.

SSL Inspection: A lot of times, applications like TikTok use encrypted traffic. Without deep SSL inspection, the FortiGate might not be able to decipher the traffic correctly and block it. This might lead to only partial blocks or bypasses. Please be aware though, implementing SSL inspection can sometimes be complex and requires consideration for user privacy.

Persistent Connection: Mobile apps often maintain a persistent connection. This might explain why it continues to work if you switch from 4G to WiFi after the app is already opened. The actual blocking mechanism might be failing to sever already established connections.

Alternative Methods: If direct IP blocking and DNS filtering didn't work, you might consider setting up a custom block page for known TikTok URLs or use FortiGate's advanced web filtering settings. Another option, although might be a bit extreme, is to block based on User-Agent strings that pertain to the TikTok app (but this might also block other unrelated traffic).

Seek Expert Advice: Sometimes, these configurations can get tricky. Consider reaching out to a Fortinet expert or consultant who might have a deeper understanding of the nuances of the 30E and 40F appliances.

Lastly, I'm not sure if you've done this, but always ensure that the firmware is updated on your devices. Sometimes, updates resolve certain compatibility or functional issues.

Hope this helps! If you've got any other experiences or tricks up your sleeve, please share. Always looking to learn more!

Cheers,
Ahmad

Labels
Top Kudoed Authors