- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to allow recaptcha without google services?
Hello,
We are trying to create a very limited wireless network, it should only allow whatsapp on internet and it should be able to access Exchange OWA on our LAN. Seems easy to do as I've blocked everything and allowed only WhatsApp through application control and our internal network including Exchange OWA is accessible. The problem is we have recaptcha on our OWA page and doesn't load properly since application control is blocking everything except WhatsApp. I tried to allow Google Recaptcha using same App Control policy, also tried eveything explained in this https://community.fortinet.com/t5/FortiGate/Technical-Tip-Unable-to-access-websites-that-use-Google/... , but recaptcha is not getting loaded if I don't allow Google.Services app in the app control policy. And allowing it makes google.com accessible which we don't want to have.
Google Services has a lot of sub-applications under it, like Google Search, Google Meet etc. so I tried allowing Google Services and then block all it's sub services except Google.Recaptcha and Google.Analytics but even this does not work and I can access Google home page and perform search.
I tried blocking Google.com using webfilter with above settings and it also doesn't work.
I am using deep SSL inspection as Google.Recaptcha relies on it. Any ideas how to fix this?
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello okan,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello okan,
We are still looking for someone to help you.
We will come back to you ASAP.
Regards,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Okan,
I found this Reddit discussion where the solution is apparently provided:
https://www.reddit.com/r/fortinet/comments/1aplrk6/how_to_allow_recaptcha_without_google_services/
Could you please tell me if it helped you?
Regards,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
One thing you can do is to find the exact URL which is used for the captcha. You can check this using the chrome developer tools to understand the URL's used for the communication. You can take a wireshark capture on the client to see if the SSL/TLS communication goes to these URL using the SNI filed in the Client Hello packet. Once you have the SNI information you can try to create a custom Application Singnature and allow them as well. Below KB shows the IPS custom signature. You can try to do similar for the APP Control as well.
Regards,
Shiva
