Hi All,
I'm trying to make sense of this 200D unit whereby the fortigate categories were used to blocked all pornography.
However when it was tested, www.pornhub.com is accessible. For comparison sake, www.playboy.com is blocked.
I'm open to correction here, but by design the unit will contact the fortiguard services before it allows the access right? if so, it should be getting the updated ratings right? Is there a way to refresh the ratings if it's cached locally.
I think the problem is not directly related to rating.
Pornhub and youporn.com have recently switched to HTTPS, the latter today. That may be the reason why the URL on the blacklist doesn't trigger. I don't think you would need Deep Inspection, though - if anyone could comment on this I'd be glad: if WF working regardless of the protocol, judging just by the URL?
Pornhub now uses https. Maybe you don't have SSL inspection activated ?
Fortigate : 80E, 80F, 100E, 200F, 300E : 6.4.6
FortiAnalyzer, ForticlientEMS
Hello,
Did you enable certificate-inspection under "SSL Inspection" or "set ssl-ssh-profile <>"? ede_pfau and mike_dp are right, if a site uses HTTPS, you have to use at least the default "certificate-inspection" profile to make the FortiGate scan the HTTPS SNI - the Client Hello hostname or the SSL Certificate common name.
HoMing
Dear All,
thanks for your time in replying.
The URL assessible is http://www.pornhub.com. Not HTTPS.
And SSL Inspection has been turned on too.
Hence could not make sense why it does not work.
upon checking accessing http://www.pornhub.com redirected to HTTPS.
Fortigate Newbie
I had the same problem as @theArties until I changed back the inspection mode in the web filter profile to Proxy (tried flow mode before because fortiguard categories didn't seem to work at all). After the change "adult" pages with https protocol are been blocked correctly (provided that "certificate-inspection" is activated in the policy).
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.