Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
simport
New Contributor

Could we block https proxy avoidance?

Hi all, If we use an https anonymous proxy (like https://proxify.com) we can navigate everywhere without being concerned by the fortiguard filters. It doesn' t log our connection to the proxy website because it is with https. Does anyone know a way of blocking this bypass (without listing ALL the proxy avoidance websites in a block list or disabling https websites) ??? Thanks Simport --FG200a OS 3.0 b0475--
Simport Fortigate-200A 3.00-b0564
Simport Fortigate-200A 3.00-b0564
2 REPLIES 2
rwpatterson
Valued Contributor III

If you are using FortiGuard web filtering, adjust the protecion profile for the policy to block web proxy avoidance. Firewall -> Protection Profile -> profile name. Edit this Protection Profile. Cruise down to ' FortiGuard Web Filtering' , open it up. Under ' Rate URLs by domain and IP address' , under the category ' Potentially Liable' , find ' Proxy Avoidance' and select block. Make sure you select HTTPS under ' Enable FortiGuard Web Filtering' , and you should be good. This will block all KNOWN proxy servers. Anyone using one from a private (Verizon, AOL, etc.) IP address may bypass this, which is why I also block unrated sites. I' m in health care, so this is allowed, without higher approval.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
simport

Thank you, it works. Simport
Simport Fortigate-200A 3.00-b0564
Simport Fortigate-200A 3.00-b0564
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors