Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
e-novinfo
New Contributor

Created on ‎08-18-2023 03:08 AM

Strange webfilter behavior (FortiVM 7.4)

Hi, I'm facing a strange webfilter behavior for example with the category Streaming and Media Download.

 

I set my webfilter accoring to the manual, the firewall policy and webfilter are both proxy-based.

 

I put a Warning on Streaming and Media Download with 5 seconds for testing purposes, works great with dailymotion.com but doesn't work for youtube.com. On Youtube I got the first Warning which I unblock, but I never get a second.

 

I tried to set up a Testlist in Web Rating Overrides with dailymotion.com and youtube.com, again with a Warning in my Webfilter. Same result, works great with Dailymotion but doesn't work for youtube.com.

 

Any help would be appreciated.

 

Labels:
493
0 Kudos
5 REPLIES 5
pgautam
Staff
Staff

Created on ‎08-19-2023 09:56 AM

Hi @e-novinfo 

 

Thank you for posting your query.

For the SSL Inspection in policy are you using certificate inspection or deep-inspection?

Try testing this with the deep inspection.

https://community.fortinet.com/t5/FortiGate/Technical-Note-Differences-between-SSL-Certificate-Inspe...

 

Regards
Priyanka


- Have you found a solution? Then give your helper a "Kudos" and mark the solution

 

451
e-novinfo
New Contributor

Created on ‎08-24-2023 01:31 AM

In fact, I set a certificate-inspection-TEST in SSL/SSH inspection with Full SSL Inspection Method. I guess it behaves like deep inspection profile.

 

I also tried to set deep inspection profile in my policy as you adviced me but I got the same results : Dailymotion works fine, Youtube and Odissey don't work.

417
0 Kudos
pgautam
Staff
Staff
In response to e-novinfo

Created on ‎08-24-2023 03:26 AM

HI @e-novinfo 

 

Thank you for posting an update.

 

Below are the observations from the LAB:-

++ When we set a warning action for the web filter category in this case user gets a replacement message from Fortigate to select whether they want to proceed or go back

dailymotion.PNG

 

 

++ In the case of youtube we will not get the replacement message as youtube handles the replacement message differently.

In place of are placement message, it shows offline internet access youtube.PNG

 

++ Using the warning message we will be able to achieve the YouTube video control

++ You can achieve it by using a video filter

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-restrict-YouTube-channels-using-vid...

 

In 7.4.0 fortiOS there is an improvement regarding the replacement block page:-

https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/738131/replacement-messages-...

 

 

Regards
Priyanka


- Have you found a solution? Then give your helper a "Kudos" and mark the solution

407
e-novinfo
New Contributor
In response to pgautam

Created on ‎08-24-2023 07:38 AM

Thanks for fast reply, unfortunately we can't set a Warning with the video filter, it can only block, allow or monitor stuff and the link you provided talks about youtube channels filtering, so it's not about my problem.

The fun fact is that I also never see the youtube "offline internet access" message.

391
0 Kudos
pgautam
Staff
Staff
In response to e-novinfo

Created on ‎08-24-2023 08:59 AM

Hi @e-novinfo 

 

In the lab, I have tested with the proxy-based policy and deep inspection.

Before testing make sure to clear the existing session or check from the incognito mode.

 

 

Regards
Priyanka


- Have you found a solution? Then give your helper a "Kudos" and mark the solution

383
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.