FortiGate
Vbharath_FTNT
Article Id 190163

Description

 
This article explains how to disable HTTPS replacement messages for explicit proxy traffic.


Solution

 
Disabling HTTPS replacement messages helps avoid certificate errors when an HTTPS website is blocked by the FortiGuard Web filter/URL filter.

This setting is useful when SSL deep inspection is not used on the FortiGate unit, as it avoids certificate errors while accessing HTTPS websites.

Without SSL deep inspection, the FortiGuard Web filter/URL filter can still rate websites by extracting the hostname from the CN field in the certificate or from the SNI extension in the TLS extended ClientHello.

Note that when the replacement message is disabled, the user will not get any message in the browser when access to the website is blocked.

Configuration CLI:
 
config web-proxy explicit
    set https-replacement-message disable
end