FortiGate
AlexC-FTNT
Staff
Article Id 206632
Description

There is a lot of confusion about the Static URL filter actions and what to expect from each of them.
This article summarizes when to use which one.

Scope

FortiGate Static URL filter with FortiGuard category filter

FortiGate Static URL filter without FortiGuard category filter

 

Solution

Static URL filter with FortiGuard category filter

This can be used in two cases:

> when a specific domain that needs to be allowed is blocked by the category (and I do not want to allow the entire category)

> when a specific domain that needs to be blocked is allowed by the category (and I do not want to block the entire category)

In both of these cases, it is recommended to use Web Rating Overrides and move that specific site to a new custom category, with the correct action applied in the WebFilter profile: Allow or Block, according to the needs (by default they are disabled: neither Allow nor Block).


This is not feasible when a very specific subdomain needs to be blocked. In that case, use a wildcard in the Static URL filter, with one of the following actions:

Exempt: bypasses following UTM services (see link), including FortiGuard category web filter

Block: blocks the site. No further UTM or action taken

Allow: allows the attempt from the Static URL filter. Next used: Category filter, AV, etc.

Monitor: (=Allow+'passthrough' Log)

So, if both the FortiGuard category-based filter and the Static URL filter are used, and access to a site must be allowed regardless of its category, use "Exempt".

Static URL filter without FortiGuard category filter

Exempt: bypasses other UTM services if used in policy (see link), Category filter already disabled

Block: blocks the site. No further UTM or action

Allow: allows the attempt from the Static URL filter. Next used: Category filter, AV, etc.

Make sure that there is no default "Allow all sites" option, so this Allow will only permit access to the URLs added here, and deny other access. If there is a need to block 10 URLs and allow the rest, add those URLs first with action "Block", then add a wildcard Allow entry (to allow all the other URLs).

Monitor: (=Allow+'passthrough' Log) for this particular URL
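The "block a few URLs, then allow the rest" ordering described above, written as a FortiOS CLI configuration. This is an added example, not part of the original article: the table ID, the table and profile names, and the example.com / example.net hostnames are placeholders, and the lines starting with # are annotations for the reader.

```fortios
# Static URL filter table: entries are listed in the order the article
# recommends, with the specific Block entries first and the catch-all last.
config webfilter urlfilter
    edit 1
        set name "block-list-then-allow"
        config entries
            # Exact host to block.
            edit 1
                set url "blocked.example.com"
                set type simple
                set action block
                set status enable
            next
            # Wildcard entry for a specific set of subdomains to block.
            edit 2
                set url "*.tracking.example.net"
                set type wildcard
                set action block
                set status enable
            next
            # Wildcard Allow for all the other URLs, added after the Block entries.
            edit 3
                set url "*"
                set type wildcard
                set action allow
                set status enable
            next
        end
    next
end

# Attach the table to a web filter profile (profile name is a placeholder).
config webfilter profile
    edit "static-url-only"
        config web
            set urlfilter-table 1
        end
    next
end
```

If the FortiGuard category filter is also enabled in the profile and a site must be reachable regardless of its category, that site's entry would use `set action exempt` instead of `allow`.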


References
Technical Tip: Use static URL filtering without FortiGuard Web Filter license

Technical Note: Selecting security services for a URL with action set as “exempt” in URL filter

Technical Tip: Customize URL static filter's 'Exempt' Action

http://docs.fortinet.com/document/fortigate/6.2.0/cookbook/615462/url-filter

 
