Override HTTPS-Websites (Webfilter override) with Full SSL Inspection

fortibhm · ‎07-07-2015

Hello,

I use the webfilter on my FortiGate 60D (with the newest FortiOS 5.2.3) to controll the access of websites in var. web categories.

Some web categories should be override with a local user (group) on my Forti. Everything works fine with overriding HTTP-Websites with a local User in this Group (Allow Blocked Override). But if I click on the "Override-Button" of a blocked HTTPS-Website (for example: 'https://www.twitter.com') it doesn't work --> loop / no override possible.

The "Fortinet_CA_SSLProxy"-certificate is imported in the "Trusted Root Certification Authorities" on all Clients thus the Full SSL Inspection works fine / no certificate warning/error or something. Blocked HTTPS-Websites are blocked and allowed HTTPS-Websites are allowed by opening them in the Client-Webbrowser.

Override Blocked HTTP-Websites also works. But only the override of HTTPS-Websites doesn't work! Has anyone a solution or a "best practice" for this problem?

Greets!

fortibhm · ‎07-14-2015

Additionally screenshots for this problem:

1. website of a blocked / override Category - "Alcohol" opened (Certificate Error although the right SSL-Proxy CA already imported)

fortibhm · ‎07-14-2015

2. click on "Proceed"-button for override this HTTPs-Website... the Browser hangs up --> loop (FortiGate CA-Proxy-SSL-Certificate is correctly imported into trusted root certification authorities)