Friends, I am having problems with application blocking on the firewall.
For example, in the app control and web filter profiles, I added the Facebook application and in the web filter the Facebook wildcard, but users can still access it.
In the Internet exit policy, the certificate-inspection profile is enabled but the blocks are still not applied. I tested adding the deep-inspection profile but users still manage to access it.
I checked that users have not installed any other application that could bypass the firewall.
Any other recommendations?
Hi @unknown1020 ,
Were you able to try changing the inspection mode of the firewall policy? If you're using flow mode inspection, kindly change it to proxy inspection mode using the command below. After the change, please clear the browsing cache and test again. Thank you.
config firewall policy
edit # (ID of the policy)
set inspection-mode <flow or proxy>
end
Hi @unknown1020 ,
Are you using Google Chrome? Do you experience the same issue with other browsers? You may try blocking the QUIC protocol. More information about what QUIC is can be found in the guide below.
Ref : https://community.fortinet.com/t5/FortiGate/Technical-Tip-Block-QUIC-Protocol/ta-p/197661
Apparently it is a Chrome problem, because I applied the QUIC block and users continue to access pages and applications that are blocked in the profiles.
I tried in another browser and the applications that are blocked work, but not in Chrome.
Do you know if there is a version that solves this problem? Because blocking a certain Chrome feature on a machine-by-machine basis takes a lot of time and I have multiple users. https://community.fortinet.com/t5/FortiGate/Technical-Tip-Web-filter-is-not-blocking-websites-on-Goo...
Hi,
1. Create a web filter profile and block the Social Networking and Proxy Avoidance categories.
2. Create an app profile and block the Social Networking and Proxy categories.
3. On the policy, enable the created profiles with an SSL profile (deep or certificate inspection).
4. Clear your web browser history and try to access Facebook.
If it is still not working, check and make sure that your FortiGate is up to date with FortiGuard updates.
Hello, thank you. How can I validate whether the FortiGate is updated with the FortiGuard updates?
Hi @unknown1020,
On your URL filter wildcard, make sure that the following entries have the action set to block:
*facebook.*
*fb.com
*fbcdn.net
If the issue persists, kindly try to create a firewall policy with the action deny, then set these subnet ranges as destinations:
66.220.144.0 – 66.220.159.255
69.63.176.0 – 69.63.191.255
204.15.20.0 – 204.15.23.255
Regards,
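An added example, not part of the original replies and not Fortinet code: a Python check that converts the IP ranges from the reply above into CIDR form for address objects and tests hostnames and addresses against the listed wildcards and ranges. It assumes the wildcards behave like shell-style globs, which may differ from FortiGate's own matching; the function names and the sample hostnames and addresses are constructed.

```python
import ipaddress
from fnmatch import fnmatchcase

# Values copied from the reply above.
URL_WILDCARDS = ["*facebook.*", "*fb.com", "*fbcdn.net"]
IP_RANGES = [
    ("66.220.144.0", "66.220.159.255"),
    ("69.63.176.0", "69.63.191.255"),
    ("204.15.20.0", "204.15.23.255"),
]

def ranges_to_cidrs(ranges):
    """Collapse start-end ranges into the smallest list of CIDR networks."""
    nets = []
    for start, end in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(start), ipaddress.ip_address(end)))
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def matching_wildcard(hostname, patterns=URL_WILDCARDS):
    """Return the first wildcard that matches the hostname, or None.
    Assumption: glob semantics, case-insensitive, trailing dot ignored."""
    host = hostname.lower().rstrip(".")
    for pattern in patterns:
        if fnmatchcase(host, pattern):
            return pattern
    return None

def covering_range(ip, ranges=IP_RANGES):
    """Return the 'start-end' range that contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for start, end in ranges:
        if ipaddress.ip_address(start) <= addr <= ipaddress.ip_address(end):
            return f"{start}-{end}"
    return None

if __name__ == "__main__":
    print("CIDR form:", ", ".join(ranges_to_cidrs(IP_RANGES)))
    # Constructed test inputs: hostnames seen in proxy/DNS logs would go here.
    for host in ["www.facebook.com", "fb.com", "static.fbcdn.net", "example.org"]:
        print(f"{host:20} -> {matching_wildcard(host) or 'NOT COVERED'}")
    # Constructed test inputs: destination IPs from firewall traffic logs.
    for ip in ["66.220.150.1", "69.63.192.1", "204.15.23.255"]:
        print(f"{ip:20} -> {covering_range(ip) or 'NOT COVERED'}")
```

Any hostname or destination reported as NOT COVERED is traffic that neither the wildcard entries nor the deny policy would catch.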