| Description | This article describes how to block all .exe files when it is necessary to allow a specific URL to download an exe file without enabling multiple other UTM features on FortiGate. |
| Scope | FortiGate 7.4 onwards |
| Solution |
Requirement: Block all exe files but need to allow specific URL to download an exe file without enabling multiple other UTM features on FortiGate.
Solution: Step 1: Create Filter Filter profile to block all .exe files. Security Profiles -> Filter -> Create. Provide a Name for the profile and select protocols(HTTP, FTP etc.,) to be scanned. Direction -> Both and File type -> Exe file, and set the action to Block:
Step 2: All .exe files are blocked as per expectation: Test the download using 7 zip download and getting failed to download:
Step 3: To allow only specific URL to download the .exe file instead of creating other UTM profiles to bypass scan, add the URL to the SSL/SSH Inspection -> Exception from SSL Inspection to already enabled SSL/SSH Inspection profile in the policy:
First find the URL, under the Log and Report -> Security Events, find the URL which is blocked. In the example, it is objects.githubusercontent.com.
Add URL address object with FQDN under:
Second, apply the address object to the SSL/SSH Inspection profile which is used in the policy:
Once applied to the address object and saved, test the download from the URL again:
Able to download the file:
|
Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Spring Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDirector
- FortiDevSec
- FortiEdgeCloud
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiGuest
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiSRA
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiScan
- FortiSandbox
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiWAN
- FortiToken
- FortiVoice
- FortiWeb
- FortiAppSec Cloud
- RMA Information and Announcements
- Lacework
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
- Fortinet Community
- Knowledge Base
- FortiGate
- Technical Tip: Block all exe files but allow speci...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.