- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiADC
- FortiAnalyzer
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiGate Cloud
- FortiExtender
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- web filter and app control do not work
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
web filter and app control do not work
Friends I am having problems with application blocking on the firewall.
For example, in the app control and web filter profiles, I added the Facebook application and in the web filter the Facebook wilcard, but users can still access it.
In the Internet exit policy, the certificate-inspection profile is enabled but the blocks are still not applied. I tested adding the deep-inspection profile but users still manage to access it.
checked that users have not installed any other application that could bypass the firewall.
Any other recommendations?
Labels:
- Labels:
-
FortiGate
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @unknown1020 ,
Did you able to try to change the inspection mode of firewall policy? If you're using flow mode inspection kindly change it to proxy inspection mode using the below command. After the change please clear browsing cache and test again. thank you
config firewall policy
edit # (ID of the policy)
set inspection-mode <flow or proxy>
end
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @unknown1020 ,
Are you using Google Chrome? Do you experience the same issue with other browsers? You may try blocking QUIC protocol. More information about what QUIC is in the guide below.
Ref : https://community.fortinet.com/t5/FortiGate/Technical-Tip-Block-QUIC-Protocol/ta-p/197661
Paulo Dela Pena
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Apparently it is a Chrome problem, because I applied the QUIC block and users continue to access pages and applications that are blocked in the profiles.
I tried in another browser and the applications that are blocked work, but not in Chrome.
Do you know if there is a version that solves this problem? Because blocking a certain Chrome feature on a machine-by-machine basis takes a lot of time and I have multiple users. https://community.fortinet.com/t5/FortiGate/Technical-Tip-Web-filter-is-not-blocking-websites-on-Goo...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
1. create a web filter profile and block social networking and Proxy Avoidance Categories
2. create an app profile and block social networking and proxy Categories
3. on the policy enable the created profile with SSL profile ( deep or certificate inspection )
4. Clear your web browser history and try to access Facebook.
if still not working check and make sure that your FortiGate is up to date with Fortiguard updates.
Cheers,
Cheers,
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, thank you, how can I validate if the fortigate is updated with the Fortiguard updates?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @unknown1020,
On your URL filter wildcard make sure that the following is set action to block:
*facebook.*
*fb.com
*fbcdn.net
If the issue persists, kindly try to create a firewall policy with the action deny, then set these subnet ranges as destinations:
66.220.144.0 – 66.220.159.255
69.63.176.0 – 69.63.191.255
204.15.20.0 – 204.15.23.255
Regards,
rvillaroman
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Loss of communication between L3 equipment... 123 Views
- FortiGate-3300E v7.2.7 SSL Application Blocking Issue 463 Views
- IPSEC VPN stopped working under Windows... 960 Views
- New SSID Recommendation 497 Views
Labels
-
FortiGate
7,084 -
FortiClient
1,396 -
5.2
801 -
5.4
639 -
FortiManager
613 -
FortiAnalyzer
448 -
6.0
416 -
FortiAP
371 -
FortiSwitch
368 -
5.6
362 -
FortiClient EMS
287 -
FortiMail
272 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
175 -
6.4
128 -
FortiNAC
123 -
FortiGuard
114 -
IPsec
105 -
SSL-VPN
99 -
FortiGateCloud
95 -
FortiSIEM
92 -
FortiCloud Products
88 -
FortiToken
76 -
Customer Service
71 -
Wireless Controller
64 -
4.0MR3
64 -
FortiProxy
49 -
FortiADC
45 -
SD-WAN
44 -
Fortivoice
44 -
FortiEDR
43 -
FortiDNS
38 -
FortiExtender
36 -
FortiGate v5.4
35 -
FortiAuthenticator
33 -
FortiSandbox
33 -
Firewall policy
33 -
FortiSwitch v6.4
32 -
High Availability
31 -
VLAN
29 -
FortiWAN
24 -
FortiConnect
24 -
DNS
23 -
ZTNA
22 -
BGP
21 -
FortiConverter
21 -
Certificate
20 -
SAML
19 -
FortiGate v5.2
19 -
FortiPortal
18 -
FortiSwitch v6.2
17 -
LDAP
17 -
Interface
17 -
VDOM
17 -
Routing
15 -
FortiMonitor
14 -
Authentication
14 -
FortiGate v5.0
14 -
FortiLink
14 -
Fortigate Cloud
14 -
Logging
14 -
FortiDDoS
13 -
RADIUS
12 -
FortiCASB
12 -
NAT
11 -
Web profile
11 -
Traffic shaping
10 -
Virtual IP
10 -
SSL SSH inspection
10 -
SSO
10 -
Application control
10 -
FortiRecorder
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
WAN optimization
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
FortiBridge
8 -
FortiGate v4.0 MR3
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
Web application firewall profile
7 -
Admin
7 -
4.0
7 -
Security profile
6 -
Proxy policy
6 -
Traffic shaping policy
6 -
Static route
6 -
IPS signature
5 -
Packet capture
5 -
FortiAP profile
5 -
Automation
5 -
OSPF
5 -
trunk
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
Port policy
4 -
Antivirus profile
4 -
FortiPAM
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
3.6
4 -
FortiScan
4 -
Web rating
4 -
Intrusion prevention
4 -
FortiDeceptor
3 -
Multicast routing
3 -
System settings
3 -
Fortinet Engage Partner Program
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
FortiDB
3 -
DoS policy
3 -
Email filter profile
3 -
Netflow
2 -
FortiInsight
2 -
NAC policy
2 -
Users
2 -
Protocol option
2 -
FortiAI
2 -
Application signature
2 -
FortiHypervisor
2 -
VoIP profile
2 -
DLP sensor
2 -
Fabric connector
2 -
Multicast policy
1 -
4.0MR1
1 -
Zone
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
TACACS
1 -
Replacement messages
1 -
Schedule
1 -
SDN connector
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
DLP Dictionary
1 -
DLP profile
1 -
Internet Service Database
1 -
Explicit proxy
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1050 | |
| 865 | |
| 521 | |
| 441 | |
| 146 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.