Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Ferdo
New Contributor

how to block pornographic images displayed by Google Image

Hi,

On my Fortigate 600C, I have defined rules that block pornographic sites.

But I see that it is possible to display pornographic images with Google images. My question is : how to block pornographic images with google images ?

Thanks for your help.

 

Regards

Ferdo

 

5 REPLIES 5
Allwyn_Mascarenhas
Contributor

Turn on safe search on for search engines in web filter.

 

Still doubt whether this can be thoroughly blocked.

jintrah_FTNT
Staff
Staff

To add, enable deep inspection in the profile as well as turn on the "Rate Images by URL" in the webfilter profile.

Allwyn_Mascarenhas

jintrah wrote:

To add, enable deep inspection in the profile as well as turn on the "Rate Images by URL" in the webfilter profile.

wouldn't just certificate inspection achieve this?

 

Deep inspection slows down things i guess, also depends on the FGT model and no. of users right?

Sarvesh_FTNT

allwynmasc wrote:

wouldn't just certificate inspection achieve this?

No, Certificate Inspection only looks up the SNI [usually the domain you are visiting.] information of the website when the website is first visited. If the domain is allowed, it goes through and all future sessions will pass without any furhter ssl inspection.

 

Deep packet inspection [DPI], on the other hand makes the fortigate to act as the man in the middle. Allowing fortigate to inspect all contents inside the secure packet.

 

With Certificate Inspection:

You visit google.com, once the domain is allowed, the fortigate doesn't know what search queries are you typing as it is communicated over https since we are NOT doing DPI

and it cannot modify the URL as it cannot see the part past the hostname.

 

With Deep Inspection:

Fortigate acts as a man in the middle and can see the contents being transferred but more importantly it can see the URL, allowing the fortigate to intercept and add the safe=active parameter to force safe search everytime.

This also allows a network admin to monitor what search queries are being entered.

 

allwynmasc wrote:
 

Deep inspection slows down things i guess, also depends on the FGT model and no. of users right?

 Most models support it, but yes no of users and model in combination will decide performance

 

raheeldm
New Contributor

try enabling Safe Search in Web Filter profile that you have applied in the policy.

 

Labels
Top Kudoed Authors