Web filtering in flow vs proxy mode - blocking Facebook
We're using flow based at the moment due to recommendations from our distributor.
But we now seem to be hitting a bug... We have a webfilter set up to block everything except certain URLs. But regardless of what we do, we can't seem to be able to block Facebook using that technique. Everything else seems to work as expected, except Facebook.
Had Fortinet support online for two hours today without them being able to figure it out...
The only real tip they had was that it normally works better in proxy mode... But it didn't sound too convincing...
So I tried it now on a test unit (60D), and am able to reproduce the same result in flow mode. (Wildcard * block, and still Facebook access from Android phones)
And when I change the VDOM to proxy mode it is, in fact, able to block Facebook. With the exact same policy and webfilter.
Running FortiOS 5.6.3 on both test and production.
Anyone else seen this behavior?
So I guess we now have to consider changing from flow to proxy. Any tips on things to verify before we make this change?
From what I've been told, performance could suffer if we switch. Any performance counters we should be aware of before we consider doing the switch on our production system?