Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
COBHelpdesk
New Contributor

ssl deep inspection exceptions are growing

A good indication that a feature is beginning to fail is how often do I have to work around it.  Our exception list to deep ssl inspections is grow each week.  This means staff are visiting sites that are deemed work related and asking for exceptions to be made to access them.  So these sites are detecting that we are decrypting the content and failing to allow access. These are sties that were previously accessible using ssl deep inspection but are now not. We are getting to the point of just using ssl inspection and finding a product that can peer into the traffic without blocking.   

Is there a new ssl deep inspection engine or configuration that will avoid these constant exceptions?  

 

I ask this because we just found that a site was added to the exception list and also provided Web URL avoidance capabilities.  This then allowed a few employees to visit porn and create direct tunnels to their home computers.  

 

Will enabling DNS filter on the Fortigates be the fix? if so how?

Thanks

0 REPLIES 0
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors