In the Web UI, the static URL filter and FortiGuard category filters are both located within the Web filter profile configuration:
However, in CLI and in FortiOS in general, the static URL filter list is not part of the Web filter profile, instead it is configured separately as follows:
# config webfilter urlfilter
set name "test"
set url "example.com"
set exempt web-content
Then applied to the WebFilter profile as follows:
# config webfilter profile
set urlfilter-table 3 -> URL filter list '3' applied.
When FortiGate performs a web filter check, it will first check the static URL filter list (if applied to the profile) and based on the action, will then perform the FortiGuard category check.
'Action' descriptions in Static URL see bellow:
- 'Block' -> destination is blocked and session dropped, no further category check is needed.
- 'Allow' -> destination is allowed from the static URL list, FortiGate proceeds with checking the category to decide further action.
- 'Exempt' -> destination is exempted from further inspection and traffic is allowed.