Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
truongnctrieu
New Contributor

How to allow HTTPS URL on fortigate 300C

Dear IT Folks,

 

I'm facing with issue while trying to allow https URL on my FW Fortigate 300C. I'm using v5.2.13,build762 (GA).

Firstly, due to company policy, we have to block all of URL. I was set up URL ="*", Type=Wildcard, Action="Block"; Hence, no one can access to internet.

However, I allow multiple certain URL for accessing. For example: I was set URL= *.meeting.nice2meet.us/*, Type=Wildcard, Action="Allow".

But user can only access it if those website is using HTTP, they cannot access if website using HTTPS.

Please help me to take a glance and give me some idea.

Thanks a bunch.

1 Solution
Sudarsan_Babu

1. First enable inspect all port 

PFA for reference & Under Exempt for SSL Inspection you need to add https category website to allow.  

 

 

 

 

Regards,

Sudarsan Babu P

View solution in original post

Regards, Sudarsan Babu P
6 REPLIES 6
Markus
Valued Contributor

Hi,

 

Welcome to the Forums.

 

Q: Did you have a policiy that allows https? Q: Did you setup SSL Inspection on that policy? Q: Is the policy ordered bevore the deny policy?


________________________________________________________
--- NSE 4 ---
________________________________________________________

________________________________________________________--- NSE 4 ---________________________________________________________
truongnctrieu

Hi Markus,

 

Thanks for your reply.

- As far as I know, I have no idea about how to create a policy that allow https. Could you give me an advice for this.

- On SSL/SSH inspection, I already uncheck HTTPS (443) to unblock this protocol.

- I have multiple policy for each department which allow specific URL, and the last one is deny all of URL.

 

If I configured something wrong, kindly give me some suggestion.

Sudarsan_Babu

Dear Truongnctrieu,

 

You need to check HTTPS and allow webfilter category in excempt SSL Insecption. 

HTTPS site will work. 

Regards,

Sudarsan Babu P

Regards, Sudarsan Babu P
truongnctrieu

Thanks for your reply Sudarsan Babu,

 

I have  a little bit confusion in exempt SSL Inspection; Hence, I did not allow HTTPS traffic go through Fortigate. Could you teach me how to allow this webfilter.

 

Ex: In Policy & Object > SSL/SSH Inspection/ I already uncheck HTTPS 443. I thought that will not check HTTPS and allow the traffic. But client still not access to HTTPS URL. 

Sudarsan_Babu

1. First enable inspect all port 

PFA for reference & Under Exempt for SSL Inspection you need to add https category website to allow.  

 

 

 

 

Regards,

Sudarsan Babu P

Regards, Sudarsan Babu P
truongnctrieu

Sudarsan Babu wrote:

1. First enable inspect all port 

PFA for reference & Under Exempt for SSL Inspection you need to add https category website to allow.  

 

 

 

 

Thank you Sudarsan Babu!! It works like a charm. You are my life saver

Labels
Top Kudoed Authors