Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
magnumpi
New Contributor III

safe search

Hi guys, I have a FortiGate 200B with v5 firmware. I have created a custom profile with "enable safe search" enabled, but without any result. Why? Thanks
Ramesh_M
New Contributor

Hi, Enable Safe Search is more or less the same as in browsers. The result of safe search is that Google, Yahoo, and Bing search results will no longer contain offensive sites. Please review the site: http://docs.fortinet.com/cb/html/index.html#page/FOS_Cookbook/UTM/cb_utm_wf_seafesearch.html

Ramesh M Technical Specialist - CCNA(Security), FCNSP, ACE, ASE, ITIL blogs.itzecuriry.in

magnumpi
New Contributor III

I had already followed the directions in the guide, thanks.
Bromont_FTNT
Staff

Google defaults to HTTPS now so unless you are doing SSL inspection the Fortigate will not be able to modify the search requests.
billp
Contributor

If you have access to your own DNS server, you can force Google to not use SSL for search. Basically, you configure a CNAME for www.google.com to point to nosslsearch.google.com. If you use a Windows 2008 R2 server (or higher) to serve DNS, you have to tweak the above settings slightly to work. More info here: https://support.google.com/websearch/answer/186669?hl=en

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1

Bromont_FTNT
Staff

Bill, can you confirm this is working? Last time I tested this, the nosslsearch.google.com site just redirected to http://www.google.com. And because of HSTS, the browser remembers that https must be enforced.
billp
Contributor

Yes. Works fine for me. You have to make the change in DNS and it will redirect all queries to www.google.com but will not allow SSL for searches. Because Win2k8R2 (and I believe Win2k12) won't allow a FQDN for a CNAME, you can use the IP address for nosslsearch.google.com. The IP is localized for various parts of the globe, but it hasn't changed in my area since Google established it. If it ever does change, I will know pretty quickly :) There are numerous posts on this particular topic if you Google it, and you can avoid the problem altogether if you use a non-Windows DNS server.

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1

magnumpi
New Contributor III

Yes, I have enabled https inspection, thanks.
magnumpi
New Contributor III

I have made a test and I have seen that the problem is that the https inspection doesn't work, and consequently neither does the safe search. I have tried http://youtube.com, which is blocked, but https://youtube.com is not. I have already set up https inspection as described in http://www.youtube.com/watch?v=-7OUDfhtc_g but nothing. Thanks
Bromont_FTNT
Staff

Those YouTube instructions are already a little outdated... In order to do deep inspection you need to enable "Scan Encrypted connections" in the webfilter profile.