Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kcerb
New Contributor III

How to inform client when application filter is blocking a website?

Hi,

We have Fortigate with proxy-based inspection mode (FW:5.4.10)

When web-filter module blocks a website, client have information in his browser.

But when application control module blocks a website it is just blank (white) and after a while - this site is unavailable . Is it possible to change it?

 

 

FGT60B, FGT100A, FGT100D

FGT60B, FGT100A, FGT100D
1 Solution
Dave_Hall
Honored Contributor

The option for replacement message for HTTP-based App should be enabled by default, at least under 6.0.x.  Then under System/Replacement Messages->edit/customize the "Application Control Block Page" page.  Keep in mind that if the website is on HTTPS (most sites are these days) you may not see the message unless "deep packet" inspection is enabled  - someone may want to chime in here if I'm mistaken on this.

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

View solution in original post

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
3 REPLIES 3
Dave_Hall
Honored Contributor

The option for replacement message for HTTP-based App should be enabled by default, at least under 6.0.x.  Then under System/Replacement Messages->edit/customize the "Application Control Block Page" page.  Keep in mind that if the website is on HTTPS (most sites are these days) you may not see the message unless "deep packet" inspection is enabled  - someone may want to chime in here if I'm mistaken on this.

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
kcerb
New Contributor III

Thank you Dave.

So it's about HTTPS.

FGT60B, FGT100A, FGT100D

FGT60B, FGT100A, FGT100D
Dave_Hall
Honored Contributor

The issue is more about getting the popup message to appear - if a site is on HTTPS, so would be the popup warning message. This would be no problem if the fgt is configured for deep packet inspection. 

 

This KB article was recently posted (in the last 3 months or so) that "may" address this, though it doesn't say for which firmware version it is for, nor if it will work for web-based control apps. 

 

https://kb.fortinet.com/kb/documentLink.do?externalID=FD37342

 

kcerb wrote:

So it's about HTTPS.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Labels
Top Kudoed Authors