First create address objects with the FQDN of the websites you want to block. Then create a security policy going from inside to outside, service https, and the new address objects. I think that should block the https version of the website. Depending on how many websites you are blocking, this may get a bit much because of the DNS lookup the firewall has to do when it processes the policy, and the IP may not be the same every time: https://forum.fortinet.com/FindPost/118125
You can also create two different policies, one for service HTTP and one for HTTPS, and attach different web filtering profiles to them, blocking the sites you want on the HTTPS side. It will take more work to maintain both profiles but it should get you what you need.
You do not need to enable deep-inspection to block most HTTPS sites. In your policies, if you enable "certificate-inspection" under SSL Inspection, the FortiGate will scan the Client Hello SNI or the Server Certificate commonName. It will not do a man-in-the-middle interception.
For example, if you add a Static URL filter for "*.facebook.com", it will work for HTTP and HTTPS sessions.
Thank you very much for your answer!! I will try your solutions.
The solution of Emes is good but may be heavy, having to create all the objects with FQDN.
The solution of hmtay_FTNT seems better, but the page "the connection is not secured, add an exception..." appears (the page for certificate problems), and after it the Fortinet message appears which says: "Web Page Blocked".
The result is good because the pages are blocked! Pity there is this problem of the unsecured page...
shennar, you are getting the block page from the FortiGate but it's HTTPS and thus presenting the FortiGate certificate. Your browser expects HTTPS AND the certificate to match the site you're attempting to visit so it presents the certificate error.