FG - Block ALL internet except DNS https://vbr.butler.veeam.com/

Daagvandermeer · ‎03-24-2025

Is there a way to Block all Internet traffic except Veeam Malware detection URL?

The DNS is changing every time (IP's) so based on IPaddress Its not working always.

And I also created a DNS filter

But I see still traffic to others based on IP (I think)

Is there another way to fix this?

Kind regards

Daag

AEK · ‎03-28-2025

Are you using deep inspection? If so then it seems the internal server is not trusting the signing CA on FG.

AEK

Daagvandermeer · ‎03-28-2025

Thanks, I changed the SSL inspection to No Inspection. And that fixed it.

Jean-Philippe_P · ‎03-26-2025

Hello Daagvandermeer,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Jean-Philippe - Fortinet Community Team

Jean-Philippe_P · ‎03-28-2025

Hello,

We are still looking for an answer to your question.

We will come back to you ASAP.

Thanks,

Jean-Philippe - Fortinet Community Team

AEK · ‎03-28-2025

DNS filter may not work in such case because clients can access some locations without any DNS query.

Try use Web filter instead.

AEK

Daagvandermeer · ‎03-28-2025

Thanks,

Now I tried.

But when I'm opening the website on the specific Server, Ill get Certificate errors.
(cant validate the certificate...)

AEK · ‎03-28-2025

butler.veeam.com doesn't exist. Can you try open vbr.butler.veeam.com?

AEK

Daagvandermeer · ‎03-28-2025

My mistake, here is the full url.

AEK · ‎03-28-2025

Please share the cert error on the browser, and the Web filter profile.

AEK

Daagvandermeer · ‎03-28-2025

here is the Webfilter:
and here is the screenshot on the server.

AEK · ‎03-28-2025

Are you using deep inspection? If so then it seems the internal server is not trusting the signing CA on FG.

AEK

Nominate a Forum Post for Knowledge Article Creation