qweqwelani
New Member
February 14, 2018
Question

DNS Static URL Filter

Hi,

I am trying to set up a FortiGate (version 5.2) to block every DNS request except the requests querying for whitelisted domains.

I've set up the FortiGate unit to use FortiGuard DNS servers and also use the FortiGate as my internal DNS server. Then I've created a Web Filter policy to block everything but DNS requests to resolve google.com.

I've applied this policy to firewall rules. But I am still able to resolve every domain.

What am I doing wrong? And is it even possible to achieve my goal?

    1 reply

    Toshi_Esumi
    SuperUser
    February 14, 2018

    I haven't used DNS web filtering myself. But based on the online help description below:

    http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-whats-new-54/Top_DNSInspectionProfile.htm

    category filtering seems to be necessary.

    Try configuring them in local categories instead of Static URL Filter to see if it works. If not, you probably need to open a case at TAC.

    qweqwelani
    New Member
    February 15, 2018

    Unfortunately category filtering is not licensed for my device. I've tried it anyway, but without any luck.

    Toshi_Esumi
    SuperUser
    February 15, 2018

    Most likely at least that part of the FortiGuard license/subscription is required. You can verify with sales or TAC.