Hi all. We've just replaced our 7 years old Paloalto with Fortigate 100E. Overall are fine except that we can't block Ultrasurf chrome extension to establish connection with out enable deep-inspection SSL profile.
With deep-inspection turn on I can block the Ultrasurf Chrome extension to successfully establish it's connection. On my test machine I also install Fortigate cert to avoid cert warning. But I notice some delay for most web surfing and that just only 1 machine on the test policy.
Just wan't to know if it really neccessary to enable deep-inspection in order to block this chrome extension or any other solution?