Dhruvin_patel
Article Id 347666
Description

This article explains how to allow all websites using the static URL filter when the FortiGuard category-based filter option is disabled.

 


Scope

FortiGate.

Solution
  1. Enable the URL filter option under the Static URL filter.
  2. Select 'Create New' to create a new entry in the URL filter.
  3. Select 'Wildcard'.
  4. Set Action to 'Allow' with Status set to Enable.
  5. In the URL field, keep *, which means it will allow anything.

 


 

Once the profile is applied to a policy, all traffic will be allowed. To block certain websites, create the URL filter entry above the allow rule.

In this example, create an entry to block the website 123.net, then drag it above the first entry.

 


 

CLI reference:

 

config webfilter urlfilter
    edit 1
        set name "Auto-webfilter-urlfilter_xaoaep1xc"
        config entries
            edit 1
                set url "123.net/*"
                set type wildcard
                set action block
            next
            edit 2
                set url "*"
                set type wildcard
                set action allow
            next
        end
    next
end

config webfilter profile
    edit "default"
        set comment "Default web filtering."
        set feature-set proxy
        config web
            set urlfilter-table 1
            set safe-search url header
        end
    next
end

 

Additionally, check the forward logs or the web filter security events to verify that the website is being blocked:

 

date=2024-10-07 time=19:40:13 eventtime=1728348013086626754 tz="-0500" logid="0315012544" type="utm" subtype="webfilter" eventtype="urlfilter" level="warning" vd="root" urlfilteridx=2 urlfilterlist="Auto-webfilter-urlfilter_7yt7kaqvq" policyid=1 poluuid="68f35182-c282-51ed-aaa2-77125bd2803c" policytype="policy" sessionid=848250 srcip=172.16.254.200 srcport=63908 srccountry="Reserved" srcintf="Test" srcintfrole="lan" srcuuid="xxxxx" dstip=216.109.194.6 dstport=443 dstcountry="United States" dstintf="wan1" dstintfrole="undefined" dstuuid="xxxxx" proto=6 service="HTTPS" hostname="www.123.net" profile="default" action="blocked" reqtype="direct" url="https://www.123.net/" sentbyte=649 rcvdbyte=0 direction="outgoing" urlsource="Local URLfilter Block" msg="URL was blocked because it is in the URL filter list" crscore=30 craction=8 crlevel="high"

 

The above log indicates that the website is being blocked by static URL filter entry 2 (urlfilteridx=2).
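
To run the same check across an exported log file instead of reading one line at a time, the following Python sketch parses FortiGate key=value log lines and counts blocked requests per URL filter list and entry ID. It is an added example, not part of the original article or any Fortinet tooling; the function names are illustrative, the first sample line is the log above trimmed to the fields used, and the other two lines are constructed.

```python
import re
from collections import Counter

# A log line is a run of key=value pairs; a value is double-quoted or a bare token.
_PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_log(line):
    """Turn one FortiGate key=value log line into a dict of strings."""
    return {key: quoted or bare for key, quoted, bare in _PAIR.findall(line)}

def urlfilter_hits(lines):
    """Return (hostname, action, list name, entry ID) for static URL filter events."""
    hits = []
    for line in lines:
        f = parse_log(line)
        if f.get("subtype") == "webfilter" and f.get("eventtype") == "urlfilter":
            hits.append((f.get("hostname"), f.get("action"),
                         f.get("urlfilterlist"), int(f["urlfilteridx"])))
    return hits

def blocked_by_entry(lines):
    """Count blocked requests per (URL filter list, entry ID)."""
    return Counter((lst, idx) for _, action, lst, idx in urlfilter_hits(lines)
                   if action == "blocked")

_UF = ('type="utm" subtype="webfilter" eventtype="urlfilter" urlfilteridx=2 '
       'urlfilterlist="Auto-webfilter-urlfilter_7yt7kaqvq" ')
SAMPLE = [
    # From the article's log, trimmed to the fields used here.
    'date=2024-10-07 time=19:40:13 ' + _UF + 'srcip=172.16.254.200 '
    'hostname="www.123.net" action="blocked" url="https://www.123.net/" '
    'msg="URL was blocked because it is in the URL filter list"',
    # Constructed: a second request to the same site from another client.
    'date=2024-10-07 time=19:40:15 ' + _UF + 'srcip=172.16.254.201 '
    'hostname="www.123.net" action="blocked" url="https://www.123.net/about"',
    # Constructed: a forward traffic line that is not a URL filter event.
    'date=2024-10-07 time=19:41:02 type="traffic" subtype="forward" '
    'srcip=172.16.254.200 dstip=192.0.2.10 action="accept"',
]

if __name__ == "__main__":
    for (lst, idx), count in blocked_by_entry(SAMPLE).items():
        print(f"{lst} entry {idx}: {count} blocked request(s)")
```

An entry ID that never appears in the output has not matched any logged request, which helps confirm that a block entry really sits above the allow-all rule.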


 

Related document:

Static URL filter