Can anyone tell me the exact process of webfiltering? We had a phishing test and a couple users clicked a link in an email. The FW blocked the site as a Newly Registered Domain but the vendor conducting the test said he sees that the two clicks actually hit his server.
Fortigate 500D v 6.04. Firewall policy for web browsing is using default ssl-certificate inspection profile. site was using port 80 and not 443 and has web filtering profile assigned
Maybe the users that could connect where not behind the firewall, could be from home or on there SmartPhone using 4/5G?
or
If the FTG Webfilter sees the domain as Newly Registered Domain and the action is block, it will blok it for everey session. However, if the WEB filter service is not reachable, you can choose to allow all traffic during the "down" time or to block it. So it could be, the WEBfilter service was temporary not reachable and if you allow the traffic during unreachable there can be some users who slipped through
User | Count |
---|---|
143 | |
70 | |
64 | |
42 | |
37 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.