Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Link_Darck
New Contributor

Created on ‎06-24-2021 06:52 AM

How to block https sites whitout ssl inspection on FortiGate 200A

Hello, I am new in your community and I would like to know how to block a https site because in http it works I have the fortigate 200A thanks in advance Sincerely

4350
0 Kudos
1 Solution
Patel
New Contributor III

Created on ‎06-24-2021 10:08 PM

Hello,

> I would like to know how to block a https site

Are you looking to block a website using web filter or a different security profile?

SSL Inspection is required for FortiGate to identify the website the client is trying to access and block it.

 

If you know the domain name of the website you want to block, then you can create an FQDN address object on the FortiGate and create a policy to block HTTPS or ALL services traffic to the FQDN address object.

 

Please refer to the doc below on how to create an FQDN address object.

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/560763/fqdn-addresses

 

Regards,

Kavin

View solution in original post

3296
0 Kudos
5 REPLIES 5
Patel
New Contributor III

Created on ‎06-24-2021 10:08 PM

Hello,

> I would like to know how to block a https site

Are you looking to block a website using web filter or a different security profile?

SSL Inspection is required for FortiGate to identify the website the client is trying to access and block it.

 

If you know the domain name of the website you want to block, then you can create an FQDN address object on the FortiGate and create a policy to block HTTPS or ALL services traffic to the FQDN address object.

 

Please refer to the doc below on how to create an FQDN address object.

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/560763/fqdn-addresses

 

Regards,

Kavin

3297
0 Kudos
Link_Darck
New Contributor
In response to Patel

Created on ‎06-25-2021 02:34 AM

Hello,

yes I want to block a website and no I don't have SSL inspection and yes I use a web filter

yes I know the domain name is [link]https://www.utorrent.com/[/link]

I have an old fortified which is 200A

here is the screen :

http://neko-world.hd.free..81/Upload/FortiGate.jpg]http://neko-world.hd.free..81/Upload/FortiGate.jpg

3267
0 Kudos
Patel
New Contributor III
In response to Link_Darck

Created on ‎06-25-2021 06:08 PM

Hello,

Looking at your model you might be running an old firmware version on your FortiGate.

I would say, just use the FQDN address object if the firmware version you are on supports FQDN address objects.

Regards,

Kavin Patel

3267
0 Kudos
PriorMatt
New Contributor
In response to Patel

Created on ‎06-26-2021 10:34 PM

Thanks for your helpful answer @Patel. I even didn't know much about it. But glad to get the details here. 

3267
0 Kudos
Link_Darck
New Contributor
In response to PriorMatt

Created on ‎06-29-2021 08:41 AM

tell me how to do it

3267
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.