FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
vifi
Staff
Staff
Article Id 370123
Description This article describes configuring DNS Filter to allow a website that DNS Filter blocks.
Scope FortiGate v7.2.
Solution Sometimes a website is blocked by a DNS Filter.

blocked.png

 

Example:
https://accounts.o2.co.uk/ is blocked by DNS Filter.

The category to which this website belongs is allowed in DNS Filter. However, the website gets blocked.

  1. Perform a nslookup.
 
C:\Users>nslookup accounts.o2.co.uk
Name:    d3c17wgn4zp1k7.cloudfront.net
Addresses:  18.172.153.90
          18.172.153.59
          18.172.153.12
          18.172.153.33
Aliases:  accounts.o2.co.uk
          lbprdcachetieraccountsproxy.o2r53ctp.co.uk
          lbprd0cachetieraccountsproxy.o2r53ctp.co.uk
  
  1. Configure the DNS Filter profile.

     

Note that adding only 'accounts.o2.co.uk' is insufficient.
The other hostnames that are related to this website should be added as well.

dns filter static.png
The same logic could be applied to other websites when facing this issue.