Description | This article describes how to restrict access to specific websites using the FQDN address object. |
Scope | All. |
Solution |
Create one or more FQDN address objects for the restricted websites.
In this case, the restricted website is 'example.com':
config firewall address
    edit "Restricted_website"
        set type fqdn
        set fqdn "example.com"
    next
end
Firewall policies are configured to allow access to restricted websites and block the rest of the traffic.
config firewall policy
    edit 20
        set name "Allow_Restricted_website"
        set srcintf "LAN"
        set dstintf "wan1"
        set action accept
        set srcaddr "LAN"
        set dstaddr "Restricted_website"    <---------- FQDN address object.
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat enable
    next
    edit 21
        set name "Deny"
        set srcintf "LAN"
        set dstintf "wan1"
        set action deny
        set srcaddr "LAN"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
    next
end
With this configuration, websites still do not load for the clients: DNS queries fail because no policy allows DNS traffic.
Once DNS servers are added to the policy, websites start working.
Example of policy below:
config firewall policy
    edit 20
        set name "Allow_Restricted_website"
        set srcintf "LAN"
        set dstintf "wan1"
        set action accept
        set srcaddr "LAN"
        set dstaddr "Restricted_website" "DNS_Server"
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat enable
    next
end
|
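A tighter variant of the DNS allowance, as an added example that is not part of the original article: instead of adding the DNS server to policy 20 with service "ALL", a separate policy permits only DNS to it. The address 192.0.2.53, the policy ID 22 and the name "Allow_DNS" are assumptions for illustration; the interface and address names are the ones used above.

```fortios
# Added example, not from the original article.
# Assumption: the clients' DNS resolver is 192.0.2.53 (constructed
# documentation address). Replace it with the real resolver.
config firewall address
    edit "DNS_Server"
        set type ipmask
        set subnet 192.0.2.53 255.255.255.255
    next
end

# Assumption: policy ID 22 is unused and "Allow_DNS" is a free name.
# Only the predefined "DNS" service is allowed to the resolver, so the
# resolver is not reachable on any other port.
config firewall policy
    edit 22
        set name "Allow_DNS"
        set srcintf "LAN"
        set dstintf "wan1"
        set action accept
        set srcaddr "LAN"
        set dstaddr "DNS_Server"
        set schedule "always"
        set service "DNS"
        set logtraffic all
        set nat enable
    next
    # A new policy is placed at the end of the list, below the "Deny"
    # policy (ID 21), where it would never match. Move it above.
    move 22 before 21
end
```

With this policy in place, policy 20 can keep only "Restricted_website" in its dstaddr.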