FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
skaneria, Staff
Article Id 192151

Description

This article describes how to configure static DNS domain filter entries that allow or block specific domains.

Scope

FortiGate.

Solution


Three types of URL entry can be defined.

  1. Simple: a simple URL-filter entry is a plain URL.

For example: www.fortinet.com

  • URL: fortinet.com
  • URL: fortinet.com/support

  2. Wildcard: a wildcard can be used to cover one or more URLs that share a simple URL pattern.

For example:

  3. Regular expression (regex): a regular expression is used to match one or more URLs against a pattern written in Perl syntax.

For example:

  • '*' means: match the character before the symbol 0 or more times; it does not match any other character.

For example: 'fortinet*.com' will match 'fortinetttttttt.com' but not 'fortinetsupport.com'.

  • '/i' means: makes the pattern case sensitive.

For example: '/FORTINET/i' will not match 'fortinet'.

  • '^' means: at the beginning of the string.

For example: '^fo' will match 'fortinet.com'.

  • '.' means: match any single character in that position (the same as or different from the one before the symbol), followed by the rest of the pattern.

For example: 'fortinet.com' will match 'fortinetacom', 'fortinetbcom', 'fortinetzcom'.

Configuring a domain filter.

From GUI.

  1. Go to Security Profiles -> DNS Filter.
  2. Select a profile to edit.
  3. Under Static Domain Filter, select the 'Domain Filter' checkbox and select 'Create New'.
  4. Enter the URL without the 'http' scheme, for example: www.example*.com.
  5. Select a Type: Simple, Regular Expression, or Wildcard. In this example, select 'Wildcard'.
  6. Select the action to take against matching URLs: Redirect to Block Portal, Allow, or Monitor.
  7. Select 'Enable'.
  8. Select 'OK'.

Example: (screenshot of the domain filter entry not included)


From CLI.


config dnsfilter domain-filter
    edit <ID>
        set name <name>
        config entries
            edit <ID>
                set domain <domain>
                set type <simple/regex/wildcard>
                set action <block/allow/monitor>
                set status <enable/disable>
            next
        end
    next
end


Note:
If the action is set to 'Redirect to Block Portal' for any domain, an 'nslookup' for that domain returns the IP 208.91.112.55 (fortinet-block-page-55.fortinet.com), provided the redirect portal IP in the DNS filter profile settings is left at the FortiGuard default.
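To make the three entry types, the CLI entry fields and the note above concrete, here is an added Python illustration (not FortiGate's code, and not from this article) that evaluates a constructed domain filter list against DNS query names. The matching rules it assumes are: exact match for 'simple', '*' as any run of characters for 'wildcard', Python's re.search for 'regex', and first enabled match wins; the block-portal IP is the one quoted in the note.

```python
import re

# Constructed example entries, shaped like the CLI 'config entries' fields
# (domain, type, action, status). Added illustration only; the matching rules
# below (exact match for simple, '*' as any run of characters, Python re.search
# for regex, first enabled match wins) are assumptions, not FortiGate's code.
FILTER_ENTRIES = [
    {"domain": "www.example.com", "type": "simple", "action": "allow", "status": "enable"},
    {"domain": "www.example*.com", "type": "wildcard", "action": "block", "status": "enable"},
    {"domain": "fortinet*.com", "type": "regex", "action": "block", "status": "disable"},
    {"domain": "^fo", "type": "regex", "action": "monitor", "status": "enable"},
]

# Block-page address quoted in the article's note (FortiGuard default portal).
BLOCK_PORTAL_IP = "208.91.112.55"


def entry_matches(entry, name):
    """Return True if the queried name matches this entry under its type."""
    name = name.lower().rstrip(".")  # DNS names are case-insensitive; drop trailing dot
    pattern = entry["domain"]
    if entry["type"] == "simple":
        return name == pattern.lower()
    if entry["type"] == "wildcard":
        # Each '*' becomes '.*'; every other character is taken literally.
        regex = ".*".join(re.escape(part) for part in pattern.lower().split("*"))
        return re.fullmatch(regex, name) is not None
    if entry["type"] == "regex":
        # The article describes Perl-style patterns; Python's re handles the
        # constructs it lists ('*', '^', '.') the same way.
        return re.search(pattern, name) is not None
    raise ValueError(f"unknown entry type: {entry['type']}")


def lookup_action(name, entries=FILTER_ENTRIES):
    """Return the action of the first enabled matching entry, or None if nothing matches."""
    for entry in entries:
        if entry["status"] == "enable" and entry_matches(entry, name):
            return entry["action"]
    return None


def expected_answer(name, entries=FILTER_ENTRIES):
    """Model the note: a blocked name resolves to the block-portal IP; any other
    name is left to normal resolution (returned here as None)."""
    return BLOCK_PORTAL_IP if lookup_action(name, entries) == "block" else None
```

Running lookup_action("fortinetttt.com") returns 'monitor' rather than 'block' because the 'fortinet*.com' entry is disabled, which mirrors what the 'set status' field controls in the CLI.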