We are using Fortigate 601F in version 7.2.5 as an Explicit Proxy for internal users to access the internet. Web filtering profiles are used to control the internal user's web access.
In our network, there is an upstream proxy above the FortiGate proxy.
(Internal --> FortiGate Proxy --> Upstream Proxy --> External).
All the internet traffic (including the FortiGuard updates) needs to pass through the upstream proxy.
We have configured the proxy setting in the fortiguard. The web filter seems cab be updated via proxy. However, we encountered an issue related to internet access and blocking.
When we enable the Web Filter Profile with Certificate Inspection Profile, the banned websites (Gambling, Adult content) can be blocked by the related Web Filter Category. However, when end-users access some normal websites, such as Gmail, YouTube, etc., they cannot access these websites. It shows ERR_CONNECTION_CLOSED. In the Traffic Log, it showed that the website is being blocked by the UTM feature without a category.
If we use the Web Filter Profile with a "No-inspection" Profile, the internet access works fine. However, those banned websites in HTTPS cannot be blocked.
Are there any suggestions for it?
Thanks all
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Dear remuswong,
I believe you are facing issue with webfilter profile.
Can you share the snapshot of the webfilter logs where it is showing block
If it is not blocking by category it can be block by static url filter
Also can you confirm if you are using application control on the firewall policy
Dear Salon,
In the Web Filter profile, we have set all categories to "Allow"
We have enabled the Web Filter Profile and Certificate Inspection Profile in the Proxy Policy only.
It is very strange that no logs have been found in Web Filter logs in System Events
Thanks
@remuswong
Have you tried to install Fortigate SSL certificate to local machines in trusted root certificate store?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.