itnnetworks
Explorer
May 12, 2022
Solved

Web Filter blocks IP


Hello, 

 

We have a FortiGate 80F. There is a Firewall Policy, which has WebFilter enabled for traffic from LAN to Internet.

 

The problem is that we are trying to access an SFTP with IP. I see in the logs that the IP is categorized as Unrated.

I created a new Web Rating override and in the URL I've added the IP we are trying to access (the override is to use a different category to allow the access). Obviously the URL field is for URLs, so the IP is still being treated as unrated. To overcome this issue I have created a new Policy rule so the traffic for this specific IP is not using the WebFilter UTM.

Is there any way (except making the Unrated category allowed) to overcome this issue?

Best answer by seshuganesh

5 replies

seshuganesh
Staff
May 12, 2022

Hi Team,

 

Could you please try to exempt this IP address under web filter profile >> URL filter? You can see the screenshot below for reference:

seshuganesh_0-1652347470012.png

 

You have to keep action as exempt and enable it.

Please keep us posted
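
The exemption described in the answer above, written as FortiOS CLI. This is an added example, not part of the original post: the table ID, the names, and the placeholder address 192.0.2.10 are assumptions, and the commented `set exempt` line assumes your FortiOS release offers that option.

```fortios
# Added example with hypothetical names and IDs.
# 192.0.2.10 is a placeholder for the server's IP address.
config webfilter urlfilter
    edit 1
        set name "exempt-by-ip"
        config entries
            edit 1
                set url "192.0.2.10"
                # "simple" matches this exact address; a wildcard or regex
                # entry would match more than the one host.
                set type simple
                set action exempt
                # Exempt skips the remaining checks for matching traffic.
                # To skip only the FortiGuard category lookup (the source
                # of the "Unrated" block) and keep the other inspections:
                # set exempt fortiguard
                set status enable
            next
        end
    next
end

# Attach the URL filter table to the web filter profile used by the
# LAN-to-Internet policy ("lan-webfilter" is a hypothetical profile name).
config webfilter profile
    edit "lan-webfilter"
        config web
            set urlfilter-table 1
        end
    next
end
```

After applying it, the web filter log for that destination should show the passthrough action instead of a block on the Unrated category.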

danyal
Explorer
February 18, 2025

Hi @seshuganesh,

Just curious to know, why are you using the IP as a wildcard?

Also, I'd like to know if this is still the best practice?

sw2090
SuperUser
May 12, 2022

Yeah, what seshuganesh says :)

Webfilter is made for FQDNs, not for IPs. I also recommend using the URL filter for that, with an exempt rule like he described.

vponmuniraj
Staff
May 12, 2022

Hi, 

 

Web filter works on HTTP / HTTPS ports. 

 

Can you paste the log as well as the firewall policy you are referring to? 

 

 

Regards,

Vignesh.

sw2090
SuperUser
May 12, 2022

That too, vponmuniraj :)

Also, it does not support wildcards, while the URL filter does.

And as said, webfilter is made for FQDNs, not IPs.

Alas, that is what TAC told me once :)

itnnetworks
Explorer
May 20, 2022

Hi all, 

 

@seshuganesh's solution is working. We can now see in the logs that the traffic is marked as passthrough. Thank you all!