web filter and app control do not work
Friends, I am having problems with application blocking on the firewall.
For example, in the app control and web filter profiles, I added the Facebook application and in the web filter the Facebook wildcard, but users can still access it.
In the Internet exit policy, the certificate-inspection profile is enabled but the blocks are still not applied. I tested adding the deep-inspection profile but users still manage to access it.
I checked that users have not installed any other application that could bypass the firewall.
Any other recommendations?
Hi @unknown1020,
Were you able to try changing the inspection mode of the firewall policy? If you're using flow mode inspection, kindly change it to proxy inspection mode using the command below. After the change, please clear the browsing cache and test again. Thank you.
    config firewall policy
        edit <ID of the policy>
            set inspection-mode <flow or proxy>
        next
    end
Hi @unknown1020,
Are you using Google Chrome? Do you experience the same issue with other browsers? You may try blocking the QUIC protocol. More information about what QUIC is can be found in the guide below.
Ref: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Block-QUIC-Protocol/ta-p/197661
Pau
Apparently it is a Chrome problem, because I applied the QUIC block and users continue to access pages and applications that are blocked in the profiles.
I tried in another browser and the applications that are blocked work, but not in Chrome.
Do you know if there is a version that solves this problem? Because blocking a certain Chrome feature on a machine-by-machine basis takes a lot of time and I have multiple users. https://community.fortinet.com/t5/FortiGate/Technical-Tip-Web-filter-is-not-blocking-websites-on-Goo...
Hi,
1. Create a web filter profile and block the Social Networking and Proxy Avoidance categories.
2. Create an app profile and block the Social Networking and Proxy categories.
3. On the policy, enable the created profiles with an SSL profile (deep or certificate inspection).
4. Clear your web browser history and try to access Facebook.
If it is still not working, check and make sure that your FortiGate is up to date with FortiGuard updates.
Hello, thank you. How can I validate whether the FortiGate is updated with the FortiGuard updates?
Hi @unknown1020,
On your URL filter wildcard, make sure that the following entries have the action set to block:
*facebook.*
*fb.com
*fbcdn.net
If the issue persists, kindly try to create a firewall policy with the action deny, then set these subnet ranges as destinations:
66.220.144.0 – 66.220.159.255
69.63.176.0 – 69.63.191.255
204.15.20.0 – 204.15.23.255
Regards,
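The deny policy suggested in the reply above, written out as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread; the object names, the policy name and the two interface placeholders are assumptions, and the three ranges are the ones listed in the reply.

```fortios
# Address objects for the three ranges from the reply (object names are hypothetical)
config firewall address
    edit "fb-range-1"
        set type iprange
        set start-ip 66.220.144.0
        set end-ip 66.220.159.255
    next
    edit "fb-range-2"
        set type iprange
        set start-ip 69.63.176.0
        set end-ip 69.63.191.255
    next
    edit "fb-range-3"
        set type iprange
        set start-ip 204.15.20.0
        set end-ip 204.15.23.255
    next
end

# Group them so the policy references a single destination
config firewall addrgrp
    edit "fb-ranges"
        set member "fb-range-1" "fb-range-2" "fb-range-3"
    next
end

# Deny policy; "edit 0" lets FortiOS assign the next free policy ID
config firewall policy
    edit 0
        set name "deny-fb-ranges"
        set srcintf "<LAN interface>"
        set dstintf "<WAN interface>"
        set srcaddr "all"
        set dstaddr "fb-ranges"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    # Policies match top-down: place the deny above the Internet exit policy
    move <new policy ID> before <ID of the Internet exit policy>
end
```

With `logtraffic all` on the deny policy, blocked attempts show up in the forward traffic log, which confirms whether clients are actually hitting these destinations.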
