Dear IT Folks,
I'm facing with issue while trying to allow https URL on my FW Fortigate 300C. I'm using v5.2.13,build762 (GA).
Firstly, due to company policy, we have to block all of URL. I was set up URL ="*", Type=Wildcard, Action="Block"; Hence, no one can access to internet.
However, I allow multiple certain URL for accessing. For example: I was set URL= *.meeting.nice2meet.us/*, Type=Wildcard, Action="Allow".
But user can only access it if those website is using HTTP, they cannot access if website using HTTPS.
Please help me to take a glance and give me some idea.
Thanks a bunch.
Go to Solution.
1. First enable inspect all port
PFA for reference & Under Exempt for SSL Inspection you need to add https category website to allow.
Sudarsan Babu P
View solution in original post
Welcome to the Forums.
Q: Did you have a policiy that allows https?
Q: Did you setup SSL Inspection on that policy?
Q: Is the policy ordered bevore the deny policy?
________________________________________________________--- NSE 4 ---________________________________________________________
Thanks for your reply.
- As far as I know, I have no idea about how to create a policy that allow https. Could you give me an advice for this.
- On SSL/SSH inspection, I already uncheck HTTPS (443) to unblock this protocol.
- I have multiple policy for each department which allow specific URL, and the last one is deny all of URL.
If I configured something wrong, kindly give me some suggestion.
You need to check HTTPS and allow webfilter category in excempt SSL Insecption.
HTTPS site will work.
Thanks for your reply Sudarsan Babu,
I have a little bit confusion in exempt SSL Inspection; Hence, I did not allow HTTPS traffic go through Fortigate. Could you teach me how to allow this webfilter.
Ex: In Policy & Object > SSL/SSH Inspection/ I already uncheck HTTPS 443. I thought that will not check HTTPS and allow the traffic. But client still not access to HTTPS URL.
Sudarsan Babu wrote:1. First enable inspect all port PFA for reference & Under Exempt for SSL Inspection you need to add https category website to allow.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.