Description
This article describes information about the function of 'Reputable web sites' and how to view the list of trusted URLs.
Scope
FortiOS, FortiGuard, FortiGate.
Solution
'Reputable websites' is a white-list database that is updated and synchronized through FortiGuard.
This database is maintained by the FortiGuard team and it contains a list of reputable domain names that can be excluded from SSL deep inspection when 'Reputable websites' are enabled under SSL/SSH Inspection.
The list of trusted URLs is visible by navigating to System -> Reputation and searching for IP or Domain.
If the Reputation section is not visible under the System tab, enable the 'Domain & IP Reputation' field under 'Feature Visibility'.
Note:
'Domain & IP Reputation' was removed as of FortiOS 6.4.2GA, and its feature was merged into the 'IP address tooltips' feature to become more context-sensitive. As of FortiOS 6.4.2GA, to check IP reputation, use IP address tooltip and ISDB IP lookup. Alternatively, the following API call could retrieve a trusted URL list/database in JSON format:
CLI Commands:
config system settings
set gui-domain-ip-reputation enable <- To enable Domain & IP Reputation under Feature Visibility.
end
config firewall ssl-ssh-profile
edit <name_of_the_ssl-ssh-profile>
set whitelist enable <- To enable 'Reputable websites' under SSL/SSL Inspection profile.
next
end
Note:
As of FortiOS 7.0, 'whitelist' was renamed to 'allowlist' in the CLI:
config firewall ssl-ssh-profile
edit <name_of_the_ssl-ssh-profile>
set allowlist enable
end
