Hi
Fortigate 3240C v5.2.3
As a college I have to make sure that the users can access resources but to restrict them access to sites that they should not have access to. Because of this I have enabled SSL deep inspection which works really well apart from Google. I have noticed a few Google sites such as Google drive and Google classroom that do not work with deep inspection so I have had to disable it for them. Even though the certificate is correctly deployed to systems, Chrome still complains that its a possible 'Man In Middle' attack.
I would like to add *.google.com into the bypass list but I cant because some students have worked out how to search for porn using the following link.
Safe search mode is enabled in the web filter, but if I use *.google.com in the bypass list then they can just use the HTTPS site to bypass the web filter. The URL is an example of a what some of the students have used to bypass the filter.
Note: this link will display pornographic images so please do not click on it if offended or will cause you disaplinary issues.
URL:
So I have had to add the following Google sites to the SSL deep inspection exempt list:
*.google.com/batch
docs.google.com
drive.google.com
gmail.google.com
plus.google.com
As a result the firewall inspects all traffic for Google.com but not the ones above. Has anyone else had similar issues with Google (possible Bing/Yahoo as well), or is there a better way to this.
Yes we do have AUPs in place and students/staff are aware of what they can and cant use the internet for but I would just like to resolve the issue from a technical point of view if possible.
Thanks for any help
Ian Harrison
Web: www.activatelearning.ac.uk
Twitter: twitter.com/activate_learn
Facebook: facebook.com/Activate-Learning
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Without seeing your cfg, have you read and reviewed the cookbook recipe ?
http://cookbook.fortinet.com/blocking-adultmature-content-google-safesearch/
https://support.opendns.com/entries/57304954-How-to-Enforcing-Google-SafeSearch
FTNT has a few examples of how to execute this out & with the "forcesafesearch.google.com" DNS entry approach.
Ken
PCNSE
NSE
StrongSwan
Without seeing your cfg, have you read and reviewed the cookbook recipe ?
http://cookbook.fortinet.com/blocking-adultmature-content-google-safesearch/
https://support.opendns.com/entries/57304954-How-to-Enforcing-Google-SafeSearch
FTNT has a few examples of how to execute this out & with the "forcesafesearch.google.com" DNS entry approach.
Ken
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1703 | |
1092 | |
752 | |
446 | |
229 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.