Facebook detection not working application control
Hello,
I am running a FortiGate 800C using application control.
If I block the Facebook application signature, I cannot access Facebook.
If I allow the Facebook application signature, I can access the whole of Facebook and cannot specify not to chat, game and like.
The applications detected in the log are facebook and not, for example, facebook_post.
I want to allow the users to log in and search for other users, but nothing more.
I think it has something to do with HTTPS/SSL but do not know how to fix it.
Does anyone know how to solve this issue?
Kind regards,
Tom
Labels: 5.2
Can you confirm you're using SSL inspection? You'll probably need to select deep inspection for this.
EDIT: To clarify, Deep Inspection is selected within the IPv4 policy; it will have certificate-inspection or deep-inspection.
......
-Jake
Hello,
I have changed the setting from certificate inspection to deep scan.
Now I am getting certificate warnings when going to Facebook. I can log in after accepting the "risk".
The FortiGate CA root certificate is not trusted.
I get blocked content with certificate errors and am still able to push the like button.
Do I need to install our own certificate on the firewall or can I download the FortiGate CA and install that certificate?
Kind regards,
Tom
TomBlank wrote:
Hello,
I have changed the setting from certificate inspection to deep scan.
Now I am getting certificate warnings when going to Facebook. I can log in after accepting the "risk".
The FortiGate CA root certificate is not trusted.
I get blocked content with certificate errors and am still able to push the like button.
Do I need to install our own certificate on the firewall or can I download the FortiGate CA and install that certificate?
Kind regards,
Tom
Hi Tom,
You can do one of these solutions (install the FortiGate CA on the computer, or create a CA for your FortiGate).
BUT: if you don't know how it works, I suggest you do not enable this feature, or read the documentation carefully. Are you sure that your hardware will be able to do that (in terms of performance)? Some applications don't allow SSL interception. I suggest you ask your Fortinet partner to configure this feature to avoid any problems.
Lucas
If you want to block certain applications within Facebook, but not the whole site, then you will need it.
You're using an 800C; deep SSL inspection will have an impact on performance, but to achieve what you want, it needs to be done. As said above, add the Fortinet cert to your CA. I think it's the one called Fortinet_SSLProxy (or similar).
......
-Jake
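
The trust problem discussed in this thread, reproduced offline with openssl as an added example (not part of any post above and not Fortinet's own tooling): a leaf certificate signed by an inspection CA fails verification until that CA is in the client's trust store. The CA names, hostname and file names are constructed for the demo.

```shell
#!/bin/sh
# Constructed lab: every key, CA and hostname below is generated for this demo.

# Build a stand-in inspection CA, an unrelated root, and a re-signed leaf in $1.
make_lab() {
  d="$1"
  # Stand-in for the firewall's signing CA (not a real Fortinet certificate).
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Inspection CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
  # Unrelated root standing in for what the client already trusts.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Public Root" \
    -keyout "$d/pub.key" -out "$d/pub.pem" 2>/dev/null || return 1
  # Leaf for the site, signed by the inspection CA as deep inspection would.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null || return 1
  # Client trust store before and after the inspection CA is installed.
  cp "$d/pub.pem" "$d/store_before.pem"
  cat "$d/pub.pem" "$d/ca.pem" > "$d/store_after.pem"
}

# Print "trusted" or "untrusted" for certificate $2 against trust store $1.
check_trust() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

# Print the issuer line; under deep inspection it names the inspection CA.
issuer_of() {
  openssl x509 -in "$1" -noout -issuer
}

demo() {
  lab=$(mktemp -d) || return 1
  make_lab "$lab" || return 1
  issuer_of "$lab/leaf.pem"
  echo "before install: $(check_trust "$lab/store_before.pem" "$lab/leaf.pem")"
  echo "after install:  $(check_trust "$lab/store_after.pem" "$lab/leaf.pem")"
  rm -rf "$lab"
}

demo
```

On a real client, the same issuer check against the certificate the browser receives shows whether a connection is being deep-inspected or passed through.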
There's a Cookbook recipe about preventing certificate warnings here: http://cookbook.fortinet.com/preventing-certificate-warnings/
There's also some more information about SSL inspection in a recent article here: http://cookbook.fortinet.com/why-you-should-use-ssl-inspection/
Technical Writer, FortiOS
Let me know if there's anything you want to see added to the FortiGate Cookbook.
