Description |
This article describes that since FortiProxy version 7.0, the FQDNs configured in the GUI tab 'URL match' or in the CLI option '# config web-proxy url-match' will match top-down.
This means that the order in which the FDQNs are added will matter for the correct matching, the first hit will match. |
Scope |
For FortiProxy version 7.0.x and above. In version 2.0.x the configured FQDNs did not match top-down. |
Solution |
The order of the added FQDNs can only be changed via CLI. There is no option in the GUI to modify the order.
In the example below traffic for the subdomains of domain.tld should not be sent over the proxy forwarder. While traffic for domain.tld should be sent over the upstream proxy.
Due to the order the domains subdomain1.domain.tld and subdomain2.domain.tld will NOT match as domain.tld will match first.
# config web-proxy url-match
To resolve this modify the order as follows and move domain.tld after subdomain2.domain.tld :
# config web-proxy url-match edit "domain.tld"
Note. The CLI offers the 'move' command to move domain.tld after the subdomain2.domain.tld
# move domain.tld after subdomain2.domain.tld |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.