Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Link_Darck
New Contributor

How to block https sites whitout ssl inspection on FortiGate 200A

Hello, I am new in your community and I would like to know how to block a https site because in http it works I have the fortigate 200A thanks in advance Sincerely

1 Solution
Patel
New Contributor III

Hello,

> I would like to know how to block a https site

Are you looking to block a website using web filter or a different security profile?

SSL Inspection is required for FortiGate to identify the website the client is trying to access and block it.

 

If you know the domain name of the website you want to block, then you can create an FQDN address object on the FortiGate and create a policy to block HTTPS or ALL services traffic to the FQDN address object.

 

Please refer to the doc below on how to create an FQDN address object.

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/560763/fqdn-addresses

 

Regards,

Kavin

View solution in original post

5 REPLIES 5
Patel
New Contributor III

Hello,

> I would like to know how to block a https site

Are you looking to block a website using web filter or a different security profile?

SSL Inspection is required for FortiGate to identify the website the client is trying to access and block it.

 

If you know the domain name of the website you want to block, then you can create an FQDN address object on the FortiGate and create a policy to block HTTPS or ALL services traffic to the FQDN address object.

 

Please refer to the doc below on how to create an FQDN address object.

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/560763/fqdn-addresses

 

Regards,

Kavin

Link_Darck

Hello,

yes I want to block a website and no I don't have SSL inspection and yes I use a web filter

yes I know the domain name is [link]https://www.utorrent.com/[/link]

I have an old fortified which is 200A

here is the screen :

http://neko-world.hd.free..81/Upload/FortiGate.jpg]http://neko-world.hd.free..81/Upload/FortiGate.jpg

Patel
New Contributor III

Hello,

Looking at your model you might be running an old firmware version on your FortiGate.

I would say, just use the FQDN address object if the firmware version you are on supports FQDN address objects.

Regards,

Kavin Patel

PriorMatt

Thanks for your helpful answer @Patel. I even didn't know much about it. But glad to get the details here. 

Link_Darck

tell me how to do it

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors