sashish
Staff
Article Id 241139
Description This article describes how to block URL categories without using a Web filter profile in NGFW-mode. 
Scope FortiGate 7.2.x.
Solution

It is possible to directly block the URL category and Application in the firewall policy. 

In policy-based NGFW mode, 'Firewall Policy' is shown as 'Security Policy'.

By default, the FortiGate is in profile-based mode. To change the FortiGate to policy-based mode, use the command below.

 

krypton-kvm27 # config system settings
    set ngfw-mode policy-based
end

 

Note:

All existing policies are removed when policy-based mode is selected.

It is necessary to log out of the GUI and log in again to see 'Security Policy' instead of 'Firewall Policy'.

 

1) Go to Policy & Objects -> Security Profile

 

sashish_0-1672144605113.png

 

This blocks all Social Networking websites that hit the rule.

In this way, there is no need to apply a Web Filter profile.
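
As an added example (not part of the original article), a security policy of this kind could look as follows in the CLI. The policy ID and name, the interface names port1 and port2, and the use of FortiGuard category ID 37 for Social Networking are assumptions; confirm the category ID with `set url-category ?` on the device before applying.

```fortios
# Added example: deny a FortiGuard URL category directly in a security policy
# (policy-based NGFW mode), with no Web Filter profile attached.
# Assumed values: policy ID 1, the policy name, port2 as the internal interface,
# port1 as the internet-facing interface, category ID 37 = Social Networking.
config firewall security-policy
    edit 1
        set name "Block-Social-Networking"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set url-category 37
        set logtraffic all
    next
end
```

With `logtraffic all`, sessions denied by this rule are logged, so hits on the rule can be confirmed in the traffic logs.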

 

Related documents:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Profile-based-policies-vs-Policy-based-pol... 

https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/978598/profile-based-ngfw-vs-policy-base... 
