smcguire
New Member
January 24, 2017
Solved

Web Filter Override setup on existing filter/IPv4 Policy

  • January 24, 2017
  • 1 reply
  • 9800 views

Hello,

 

I've followed the cookbook instructions "Overriding a web filter profile" and the question that has come up is this: can I add this to an existing IPv4 Policy?  Meaning, can I simply add the user group to the "source" fields instead of going on to step 4 etc.?

 

Link: http://cookbook.fortinet.com/overriding-web-filter-profile/

 

I have a FG800C with 5.4.0GA

 

-Stephen


tanr (Answer)
New Member
January 24, 2017

Your link is for 5.2.x instead of 5.4.x, so this doesn't match exactly as it is handled a little differently.

 

I think the matching 5.4 documentation is in the "Using Alternate Profiles" section of the documentation from:

http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-security-profiles-54/Web_Filter/Overriding%20FortiGuard%20website%20categorization.htm?

 

Or are you asking if you don't have to apply a web filter with overrides to an existing policy at all?  If you can just create multiple security policies, matching different source subnets/groups/users, with the security policies having different web filter profiles assigned?  

 

That is what I'm doing with 5.4.3 (with different subnets, though groups should work as well).  On the more open web filter I just set the higher risk areas that were allowed to "Warning" so users had to choose to specifically override the filter for a certain length of time, rather than turning on the "Allow users to override blocked categories" for specific users.
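The multi-policy layout tanr describes, sketched as FortiOS CLI. This is an added example, not part of the original posts: the object names, interfaces, subnets, the pre-existing stricter profile "wf-strict" and the `<category-id>` placeholder are all assumptions.

```fortios
# Constructed example: names, interfaces and subnets are assumptions.
config firewall address
    edit "net-open"
        set subnet 10.10.30.0 255.255.255.0
    next
    edit "net-restricted"
        set subnet 10.10.20.0 255.255.255.0
    next
end
config webfilter profile
    edit "wf-open"
        config ftgd-wf
            config filters
                edit 1
                    # Placeholder: ID of a higher-risk FortiGuard category
                    set category <category-id>
                    # User must click through a warning page; the
                    # click-through is valid for warn-duration only
                    set action warning
                    set warn-duration 15m
                next
            end
        end
    next
end
config firewall policy
    # One policy per source subnet, each with its own web filter profile
    edit 0
        set name "web-open-subnet"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "net-open"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set utm-status enable
        set webfilter-profile "wf-open"
        set nat enable
    next
end
```

The second policy is the same stanza with `set srcaddr "net-restricted"` and `set webfilter-profile "wf-strict"`, so each subnet only ever reaches the profile assigned to its own policy.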

smcguire (Author)
New Member
February 2, 2017

Hello,

 

I'll dig through your info here. I believe what I'm trying to do is just add the override to an existing IPv4 Policy.  The example I have is that some users via LDAP can override but others can't.  I wanted to add the override group to a policy that exists.

 

I think my real question is, does the "source" field in the IPv4 Policies act as an AND for multiple users or groups?  So if the Source field includes "all (0.0.0.0/0)" AND the override group, will it only work for the users in the override group?

 

I hope that makes sense.

 

-Stephen

 
