FortiGate
jcamacho1
Staff
Article Id 193956
Description
This article describes the additional steps required before configuring a one-arm urlfilter for HTTPS.
Solution
The procedure called "one-arm urlfilter" is explained for the HTTP case and has the following characteristics:

1. It is independent of the webfilter licence.
2. It requires "one-arm ips" to be activated.
3. It requires static-to-BGP redistribution to populate "ips-dns" discovered routes.
4. Blocking is based on a static urlfilter list.

When HTTPS traffic must be blocked, additional steps are required before configuring the urlfilter:

1. Run nslookup to confirm that all possible IP addresses are being populated through static-to-BGP redistribution.
2. Capture packets and confirm the "Server Name" in the SSL "Client Hello" packet; this is the URL that needs to be added to the urlfilter list.

Refer to the related article to perform one-arm urlfilter with HTTP web traffic. 

Related Articles

Technical Note: How to configure FortiGate to perform routing based on specific URLs
