With SSL Inspection, I have been running into problems with applications and devices being blocked. I currently have deep-inspection applied to my policy and am playing around with overrides and custom categories. For the most part this is working, but it can get tedious with what to set.
Is it safe to add an entire category as an exemption (i.e. Business, Information Technology), or can this pose a threat?
To some extent, yes, but re-evaluations happen fairly constantly. If a site within a known good category is compromised or reported by a user or firewall, or an anomaly is detected by the FortiGuard network, the site can be re-categorized as Malicious until the site owners rectify the issue.
The detection and category change can take some time (so can categorizing zero-day threats), so you'd have to consider on balance how sensitive you'd want your detection to be, but as long as you block the Malicious category, it should be safe up to a point.
Regards, Chris McMullan Fortinet Ottawa
I was more so referring to SSL Inspection exemptions and the deep-inspection profile, as I am understanding your reply as the category itself under Web Security.
Hi
I think you are pointing to "exclude some sites" from being scanned by deep-inspection!? It depends on what you would like to achieve. If you are using deep-inspection (cert on the client) you will have some problems on specific sites like Windows Update etc. This is regarding "how the cert is checked" for such services etc. Under FortiOS 5.2.x there is a new function which covers this. That is, let's imagine you have deep-inspection and WebFilter implemented with categories etc., whatever you have. If you recognize that a site causes problems with deep-inspection and WebFilter and you would like to exclude a specific site from being used by deep-inspection, use the following command (FortiOS 5.2.x only):
# config firewall ssl-ssh-profile
# edit [Use your profile]
# config ssl-exempt
# edit [Use a integer 1]
# set type [fortiguard-category | address | address6]
# set fortiguard-category [If option "set type fortiguard-category" is used set specific category]
# set address [if option "set type address" is used define address]
# end
# end
There is also another possibility to exclude a specific site by "wildcard, regex, simple" from being used for UTM features like antivirus etc. This is configured in the WebFilter as a specific URL Filter (both FortiOS 5.0.x and/or FortiOS 5.2.x):
# config webfilter urlfilter
# edit [Use a specific Integer like 1]
# config entries
# edit [Use a specific Integer like 1]
# set url [set a specific URL like *.apple.com]
# set type [simple | regex | wildcard]
# set action [exempt | block | allow | monitor]
# set exempt [By default "all" is used meaning "all" UTM Features. If you like to set a specific one use | av | web-content | activex-java-cookie | dlp | fortiguard | range-block all]
# set status [enable | disable]
# unset referrer-host
# end
# end
The meanings of the exempt options are:
activex-java-cookie: ActiveX, Java, and cookie filtering.
all: Exempt from all.
av: Antivirus filtering.
dlp: DLP scanning.
filepattern: File pattern matching.
fortiguard: FortiGuard web filtering.
pass: Pass single connection from all.
range-block: Exempt range block feature.
web-content: Web filter content matching.
After defining a URL Filter, set the specific Integer like "1" used for "config webfilter urlfilter" within the specific webfilter:
# config webfilter profile
# edit [Name of the profile]
# config web
# set urlfilter-table 1
# end
# end
This means under FortiOS 5.2 you can use the deep-inspection profile to exclude some sites from being used for deep-inspection, and for FortiOS 5.0.x and/or FortiOS 5.2.x you can use the URL Filter to exclude some sites (wildcard, simple, regex) from UTM Features.
Hope this helps
have fun
Andrea
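An added example, not part of the posts above and not Fortinet tooling: a small audit that reads a configuration in the nested config/edit/next/end layout used by the commands in this thread and lists the exemptions that are broadest, namely whole FortiGuard categories under ssl-exempt and URL filter entries exempt from all UTM features. The profile name, address object and category id 52 in the sample are constructed placeholders.

```python
import shlex
# Constructed sample in FortiOS backup style; names and category id are placeholders.
SAMPLE = """\
config firewall ssl-ssh-profile
    edit "custom-deep-inspection"
        config ssl-exempt
            edit 1
                set type fortiguard-category
                set fortiguard-category 52
            next
            edit 2
                set type address
                set address "update-servers"
            next
        end
    next
end
config webfilter urlfilter
    edit 1
        config entries
            edit 1
                set url "*.apple.com"
                set action exempt
            next
        end
    next
end
"""

def audit_exemptions(text):
    """Flag broad exemptions; an unset "exempt" counts as "all", as the post states."""
    findings, stack, entry = [], [], None
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))      # enter a (possibly nested) table
        elif tok[0] == "end":
            stack.pop()                          # leave the current table
        elif tok[0] == "edit":
            entry = {"id": tok[1]}               # start collecting one entry
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = " ".join(tok[2:])
        elif tok[0] == "next" and entry is not None:
            if stack[-1] == "ssl-exempt" and entry.get("type") == "fortiguard-category":
                cat = entry.get("fortiguard-category")
                findings.append(("ssl-exempt", entry["id"], f"category {cat} bypasses deep inspection"))
            elif stack[-1] == "entries" and entry.get("action") == "exempt" and entry.get("exempt", "all") == "all":
                findings.append(("urlfilter", entry["id"], f"{entry.get('url')} exempt from all UTM features"))
            entry = None
    return findings
```

Calling `audit_exemptions(SAMPLE)` reports ssl-exempt entry 1 and urlfilter entry 1; the address-based exemption (entry 2) is not flagged, and a URL entry narrowed with `set exempt av` would not be flagged either.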