Dear IT Folks,
I'm facing with issue while trying to allow https URL on my FW Fortigate 300C. I'm using v5.2.13,build762 (GA).
Firstly, due to company policy, we have to block all of URL. I was set up URL ="*", Type=Wildcard, Action="Block"; Hence, no one can access to internet.
However, I allow multiple certain URL for accessing. For example: I was set URL= *.meeting.nice2meet.us/*, Type=Wildcard, Action="Allow".
But user can only access it if those website is using HTTP, they cannot access if website using HTTPS.
Please help me to take a glance and give me some idea.
Thanks a bunch.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
1. First enable inspect all port
PFA for reference & Under Exempt for SSL Inspection you need to add https category website to allow.
Regards,
Sudarsan Babu P
Hi,
Welcome to the Forums.
Q: Did you have a policiy that allows https? Q: Did you setup SSL Inspection on that policy? Q: Is the policy ordered bevore the deny policy?
________________________________________________________
--- NSE 4 ---
________________________________________________________
Hi Markus,
Thanks for your reply.
- As far as I know, I have no idea about how to create a policy that allow https. Could you give me an advice for this.
- On SSL/SSH inspection, I already uncheck HTTPS (443) to unblock this protocol.
- I have multiple policy for each department which allow specific URL, and the last one is deny all of URL.
If I configured something wrong, kindly give me some suggestion.
Dear Truongnctrieu,
You need to check HTTPS and allow webfilter category in excempt SSL Insecption.
HTTPS site will work.
Regards,
Sudarsan Babu P
Thanks for your reply Sudarsan Babu,
I have a little bit confusion in exempt SSL Inspection; Hence, I did not allow HTTPS traffic go through Fortigate. Could you teach me how to allow this webfilter.
Ex: In Policy & Object > SSL/SSH Inspection/ I already uncheck HTTPS 443. I thought that will not check HTTPS and allow the traffic. But client still not access to HTTPS URL.
Sudarsan Babu wrote:Thank you Sudarsan Babu!! It works like a charm. You are my life saver1. First enable inspect all port
PFA for reference & Under Exempt for SSL Inspection you need to add https category website to allow.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1561 | |
1034 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.