Users often attempt to circumvent FortiGuard restrictions using these common methods, though many corporate environments actively monitor and block these tools:
: Switching to a personal mobile network entirely bypasses the organization's firewall. VPNs & Stealth Protocols
What is the specific or ID listed in your FortiGate logs? What application or website is being blocked? What FortiOS version is your firewall currently running?
Change the dropdown for that signature from Block to Monitor (to log it without breaking the connection) or Pass . Click Apply . Method B: Exempting Specific IP Addresses (IPS Exempt) What FortiOS version is your firewall currently running
A VPN is often the most effective bypass method. It creates an encrypted tunnel that hides your traffic from the FortiGate firewall, preventing it from inspecting or blocking your DNS requests.
For cross-site scripting (XSS) testing, obfuscating scripts using HTML entities ensures the browser parses the execution, but the gateway only sees safe alphanumeric strings. 3. Encryption (SSL/TLS Encapsulation)
Network administrators typically counter this by blocking the "Proxy Avoidance" category in FortiGuard and configuring application control sensors to block "Botnet and Proxy" signatures. However, these tools are constantly updated to avoid detection. Method B: Exempting Specific IP Addresses (IPS Exempt)
FortiGuard IPS (Intrusion Prevention System) is a key component of Fortinet's security fabric, providing deep packet inspection to identify and block malicious traffic based on a vast database of attack signatures updated by FortiGuard Labs in real time. For a network administrator, encountering a block means the system is working as intended. However, several legitimate scenarios might require an administrator to "bypass" an IPS inspection: mitigating a false positive (blocking safe traffic), allowing a specific application that triggers a rule, or creating a policy exception for maintenance windows.
To stop this bypass, administrators must create an exception inside the Application Control profile to specifically . This action blocks the bypass itself, ensuring that the Web Filter block remains effective.
Some bypass techniques (especially protocol-level manipulations) could disrupt network services or trigger security alerts. To stop this bypass
Log into the FortiGate management console and navigate to . Locate the log entry corresponding to the blocked timestamp and IP address. Note the specific Signature ID and Name that triggered the block. Step 2: Create an IPS Exception
Adjust the HTTP, FTP, or SSH inspection profiles to allow specific anomalies that are known to be safe within the local environment.