static url filter does not work when cathegory is blocked

Forum|Forum|6 years ago
April 24, 2020
1 reply
8184 views

I have this url:

https://scnem2.com/goto.php?l=6zyco3.14kg484,u=ca0e6e8374547cefdd49da232d825666,n=2mt9d.301e22,art_id=2mt9h.9ih9hb

scnem2.com is rated in cathegory "information technology" by fortiguard which is blocked in webfilter here.

I set up a static url filter rule for the url with type exempt.

Thus this rule does not match and I get blocked by utm cathegory.

I don't want to allow this cathegory or set a rating override for the domain. I want my users to be able to open just this one url.

This is all in one webfilter profile that applies to the used policy. I see in traffic and webfilter log that the correct profile is used.

Also diag test app urlfilter 3 on cli shows no match for this url unless I unblock or orverride the cathegory.

Is this no longer possible? I remember that this worked in FortiOS before 6.x .

localhost

Visitor III

Are you using Type: Simple and Action: Exempt in the static url filter?

sw2090Author

SuperUser

yes that is what I do. I know accept would still trigger the utm filters and i use type simple. Even using only part of the url and makeing a wildcard rule with that does not work.

Dave_Hall

New Member

If the fgt is not using full SSL inspection, it will likely only sees *.scem2.com. Another thing is that url appears to be redirected to the www.loeffler.at domain, so you may need to do exemption on that url too. May want to check to see how the fgt handles url redirects.

senem2 site certificate.gif

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded