| Description | This article describes how to block URL categories without using a Web filter profile in NGFW-mode. |
| Scope | FortiGate 7.2.x. |
| Solution |
It is possible to directly block the URL category and Application in the firewall policy. In policy based NGFW-mode, Firewall policy would be seen by 'Security Policy'.
By default the FortiGate is in profile mode. To change the FortiGate in policy-based, use the below command.
krypton-kvm27 # config system settings set ngfw-mode policy-based
Note. All the policies will be wiped off if select policy based. It is necessary to log out from GUI and log in again to see 'Security Policy' instead of 'Firewall Policy'.
1) Go to Policy & Objects -> Security Profile.
It will block all the Social Networking websites which will hit the rule. In this way, there is no need to apply Web Filter profile.
Related documents: |
