Skip to Content

Replacement Message not visible for all websites when accessing blocked websites by web filter

By: Author Alex Lim

Posted on

Categories Troubleshooting

This article describes why sometimes the Replacement Message is accessible and sometimes it is not when accessing blocked websites.

Scope

FortiGate, Google Chrome, Edge, Firefox.

Solution

When accessing websites blocked by a web filter, two scenarios can occur.

Scenario 1

In this scenario, it shows a message when accessing the blocked websites.

In this scenario, it shows a message when accessing the blocked websites.

After selecting ‘Proceed’, it is possible to access the replacement message.

After selecting 'Proceed', it is possible to access the replacement message.

Scenario 2

In this scenario, there is no option to proceed to the website and it is showing the error message ‘An application is stopping Chrome from safely connecting to this site’ and ‘”Fortinet” wasn’t installed properly on your computer or the network:’.

In this scenario, there is no option to proceed to the website and it is showing the error message 'An application is stopping Chrome from safely connecting to this site' and '"Fortinet" wasn’t installed properly on your computer or the network:'.

The reason for this behavior is the HSTS (HTTP Strict Transport Security) which is implemented by the website.

HSTS is used by websites as a protection from MiTM attacks and always secures connection by redirecting the website to HTTPS.

Since FortiGate Replacement Messages involve MiTM, the browser will not allow to proceed to the Replacement Message due to HSTS applied by the website.

In this case, the solution is to install the CA certificate used in the SSL inspection profile to proceed with the Replacement Message without any issues.