FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
hbac
Staff
Staff
Article Id 345503
Description

This article describes how to choose which security profiles to exempt (bypass) when a URL is configured under Static URL Filter of the Web Filter profile and the action is set to exempt. In this example, 'fortinet.com' is exempted. 

 

exempt.PNG

 

In this scenario, traffic to 'fortinet.com' will be allowed to bypass further inspections from all security profiles by default.

Scope FortiGate.
Solution

It is possible to specify which security profile to bypass in the CLI by using the following commands (not available in the GUI): 

 

config webfilter urlfilter

    edit 1
        set name "Auto-webfilter-urlfilter_rmpau71ya"
            config entries
                edit 1
                    set url "fortinet.com"

                    set action exempt

                    set exempt ?   <-- Use ? to see available options. Multiple options can be selected separated by space.
av                     AntiVirus scanning.
web-content            Web filter content matching.
activex-java-cookie    ActiveX, Java, and cookie filtering.
dlp                    DLP scanning.
fortiguard             FortiGuard web filtering.
range-block            Range block feature.
pass                   Pass single connection from all.
antiphish              AntiPhish credential checking.
all                    Exempt from all security profiles.
                next
            end
    next
end