If you are managing the network and need to allow a legitimate site:
Sites are often blocked because they are dangerous. Bypassing these filters can expose your device or network to malware, ransomware, or phishing attacks.
The issue arises when legitimate, non-malicious traffic is mistakenly identified as a threat and blocked. This can happen with streaming services, social media, and various entertainment websites that are categorized under lifestyle and entertainment. For individuals looking to access these sites for relaxation, education, or staying connected with friends, being blocked can be frustrating.
Tools like stunnel can wrap non-encrypted traffic inside a standard TLS layer, making it look like normal HTTPS traffic. If you are managing the network and need
FortiGuard is a comprehensive security solution developed by Fortinet, a leading cybersecurity company. Its Intrusion Prevention system (IPS) is designed to detect and prevent malicious activities on networks and systems. FortiGuard's IPS uses advanced threat intelligence, behavioral analysis, and machine learning algorithms to identify and block potential threats in real-time.
— Review your organization’s internet usage policy to understand what’s permitted and when.
If the blocked traffic is verified as safe and necessary for your organization's operations, administrators can safely bypass the specific restriction using official FortiOS mechanisms. Method A: Creating an IPS Signature Exception This can happen with streaming services, social media,
This effectively creates a complete bypass where FortiGuard doesn't inspect the traffic at all.
The most common method for individual users is routing traffic through an external server. By using a Virtual Private Network (VPN) or a secure proxy, the traffic is encrypted before it hits the FortiGate firewall. Since the firewall cannot inspect the encrypted payload of the VPN tunnel, it often cannot apply specific IPS signatures to the traffic [3, 4]. 2. HTTPS/SSL Inspection Gaps
Fortinet's FortiGate firewalls, powered by FortiGuard Labs, are among the most robust network security solutions available. They provide deep packet inspection (DPI), Intrusion Prevention Systems (IPS), and AI-powered web filtering to block threats and undesirable content. FortiGuard is a comprehensive security solution developed by
This technique encapsulates IP traffic within standard DNS queries (NSLOOKUP/TXT records). Because networks rarely block DNS requests to external resolvers, traffic can slip past the IPS. However, modern FortiGuard systems often have specific signatures to detect high-frequency DNS tunneling patterns.
When SSL deep inspection is causing access issues for specific legitimate sites, you can exempt them using FQDN objects:
Locate the specific applied to the traffic policy.
If you're a developer or administrator looking to ensure that your systems are secure while allowing necessary access, consider: