Description |
This article describes the difference between the 'Allow' and 'Exempt' actions in static URL filter configuration. |
Scope |
In the Web UI, the static URL filter and FortiGuard category filters are both located within the Web filter profile configuration:
However, in CLI and in FortiOS in general, the static URL filter list is not part of the Web filter profile, instead it is configured separately as follows:
# config webfilter urlfilter Then applied to the WebFilter profile as follows:
# config webfilter profile When FortiGate performs a web filter check, it will first check the static URL filter list (if applied to the profile) and based on the action, will then perform the FortiGuard category check.
'Action' descriptions in Static URL see bellow:
- 'Block' -> destination is blocked and session dropped, no further category check is needed.
- 'Allow' -> destination is allowed from the static URL list, FortiGate proceeds with checking the category to decide further action.
- 'Exempt' -> destination is exempted from further inspection and traffic is allowed. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.