Article Id 241139
Description This article describes how to block URL categories without using a Web filter profile in NGFW-mode. 
Scope FortiGate 7.2.x.

It is possible to directly block the URL category and Application in the firewall policy. 

In policy-based NGFW mode, 'Firewall Policy' is shown as 'Security Policy'.


By default, the FortiGate is in profile-based mode. To change the FortiGate to policy-based mode, use the command below.


krypton-kvm27 # config system settings
    set ngfw-mode policy-based
end

All existing policies are wiped when policy-based mode is selected.

It is necessary to log out of the GUI and log in again to see 'Security Policy' instead of 'Firewall Policy'.


1) Go to Policy & Objects -> Security Profile




This blocks all Social Networking websites for traffic that hits the rule.

In this way, there is no need to apply a Web Filter profile.
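A CLI sketch of such a security policy, as an added example that is not part of the original article. The policy ID and name, the interface names and the category ID 37 (Social Networking in the FortiGuard category list) are assumptions; confirm the ID on the device before applying.

```fortios
# Added example, not from the original article. Names, interfaces and IDs are assumptions.
# Requires 'set ngfw-mode policy-based' under 'config system settings'.
config firewall security-policy
    edit 1
        set name "Block-Social-Networking"
        # Assumed LAN-facing and WAN-facing interfaces
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        # URL category matched directly in the policy, no Web Filter profile attached
        set url-category 37
        set action deny
        # Log every match so blocked requests can be reviewed in the traffic log
        set logtraffic all
    next
end
```

Security policies are evaluated top-down, so this deny rule has to sit above any broader accept rule covering the same traffic.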

