Re: Filter blocks only insecured web sites
by zigfridus 2020/02/28 01:51:06
Like Dave already stated, your FortiGate will try to inspect the SSL certificate for the CN or ALT names and match that info to your web filter settings. If the info on the certificate does not 100% match with your filter, it will not block/allow the traffic, depending on what you have set. It will not inspect the packets themselves, as this is encrypted traffic and cannot be read.
The best way to process your traffic is by enabling SSL "deep inspection"; that way the FortiGate can inspect all packets and work on different levels to check and allow/block traffic according to your policies and UTM profiles. It will, however, require you to buy an official ssh certificate, or to install the self-signed FortiGate certificate on your clients.
If you can't or don't want to use deep inspection, you would mainly focus on DNS and web filter to check your traffic.
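The difference described in the reply above, as an added example that is not part of the original post and is not FortiGate's own logic: a simplified model of what a web filter can match on plain HTTP, on HTTPS with certificate inspection only, and on HTTPS with deep inspection. The names `Request`, `name_matches` and `verdict`, the rule format and all domains are assumptions made up for illustration.

```python
from dataclasses import dataclass

@dataclass
class Request:
    scheme: str             # "http" or "https"
    host: str               # hostname the client asked for
    path: str               # URL path, readable only in plaintext
    cert_names: tuple = ()  # CN / alternative names on the server certificate

def name_matches(cert_name: str, host: str) -> bool:
    """Certificate-style name match: '*.' covers exactly one left-most label."""
    cert_name, host = cert_name.lower().rstrip("."), host.lower().rstrip(".")
    if cert_name.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == cert_name[2:]
    return cert_name == host

def verdict(req: Request, blocklist, deep_inspection: bool = False) -> str:
    """Return 'block' or 'allow' for a request under the modelled inspection level.

    Rules are 'host' or 'host/path-prefix' (constructed format, an assumption).
    """
    for rule in blocklist:
        rule_host, _, rule_path = rule.partition("/")
        if req.scheme == "http" or deep_inspection:
            # Plaintext is visible: both host and path can be compared.
            if req.host == rule_host and req.path.startswith("/" + rule_path):
                return "block"
        else:
            # Only the certificate is visible: path rules cannot be evaluated,
            # and a host rule hits only if a certificate name covers it.
            if not rule_path and any(name_matches(n, rule_host) for n in req.cert_names):
                return "block"
    return "allow"

# Constructed sample traffic: the same site over HTTP, over HTTPS with its own
# certificate, and over HTTPS behind a shared hosting certificate.
RULES = ["games.example", "news.example/sports"]
PLAIN = Request("http", "games.example", "/play")
OWN_CERT = Request("https", "games.example", "/play", ("games.example",))
SHARED_CERT = Request("https", "games.example", "/play", ("*.sharedhost.example",))
SPORTS = Request("https", "news.example", "/sports/today", ("news.example",))
```

In this model the shared-certificate request and the path-based rule are only caught once `deep_inspection=True`, which is the gap the reply describes.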