Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
okan
New Contributor II

Created on ‎02-11-2024 04:39 AM

How to allow recaptcha without google services?

Hello,

 

We are trying to create a very limited wireless network, it should only allow whatsapp on internet and it should be able to access Exchange OWA on our LAN. Seems easy to do as I've blocked everything and allowed only WhatsApp through application control and our internal network including Exchange OWA is accessible. The problem is we have recaptcha on our OWA page and doesn't load properly since application control is blocking everything except WhatsApp. I tried to allow Google Recaptcha using same App Control policy, also tried eveything explained in this https://community.fortinet.com/t5/FortiGate/Technical-Tip-Unable-to-access-websites-that-use-Google/... , but recaptcha is not getting loaded if I don't allow Google.Services app in the app control policy. And allowing it makes google.com accessible which we don't want to have.

 

Google Services has a lot of sub-applications under it, like Google Search, Google Meet etc. so I tried allowing Google Services and then block all it's sub services except Google.Recaptcha and Google.Analytics but even this does not work and I can access Google home page and perform search.

 

I tried blocking Google.com using webfilter with above settings and it also doesn't work.

 

I am using deep SSL inspection as Google.Recaptcha relies on it. Any ideas how to fix this?

Labels:
4181
0 Kudos
4 REPLIES 4
Anthony_E
Community Manager
Community Manager

Created on ‎02-13-2024 08:52 PM

Hello okan,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
4130
0 Kudos
Anthony_E
Community Manager
Community Manager

Created on ‎02-15-2024 11:43 PM

Hello okan,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Regards,

Anthony-Fortinet Community Team.
4102
0 Kudos
Anthony_E
Community Manager
Community Manager

Created on ‎02-20-2024 01:30 AM

Hello Okan,

 

I found this Reddit discussion where the solution is apparently provided:

https://www.reddit.com/r/fortinet/comments/1aplrk6/how_to_allow_recaptcha_without_google_services/

 

Could you please tell me if it helped you?

 

Regards,

Anthony-Fortinet Community Team.
4055
0 Kudos
smaruvala
Staff
Staff

Created on ‎02-20-2024 02:09 AM

Hi,

 

One thing you can do is to find the exact URL which is used for the captcha. You can check this using the chrome developer tools to understand the URL's used for the communication. You can take a wireshark capture on the client to see if the SSL/TLS communication goes to these URL using the SNI filed in the Client Hello packet. Once you have the SNI information you can try to create a custom Application Singnature and allow them as well. Below KB shows the IPS custom signature. You can try to do similar for the APP Control as well.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Custom-IPS-signature-to-block-TLS-SNI-of-C...

 

Regards,

Shiva

 

 

4049
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.