Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
pctechservices
New Contributor

Created on ‎02-27-2013 12:05 PM

Allow single user to bypass web filter rptocol

Hello all, Can anyone provide guidance on how to allow a signle user, whether it be by Ip or MAC, to bypass all web filtering? I have the user set up now as an override user but would like a permanent solution. Thanks for the help, Jay
7470
0 Kudos
4 REPLIES 4
rwpatterson
Valued Contributor III

Created on ‎02-27-2013 12:14 PM

Welcome to the forums. Fortigates don' t speak MAC exactly. If you use DHCP on the Fortigate, you can reserve an IP address for a MAC address. If the address will not change, just create a policy with that single IP address, and place it at the top of the list of IP policies. The policies are hit from the top down and the first good one gets the traffic. Hope that helps.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
3463
0 Kudos
pctechservices
New Contributor
In response to rwpatterson

Created on ‎02-27-2013 07:30 PM

Bob, Thank you for the guidance. Is it possible that I expand the question? I am not actually using the Fortigate as a DHCP server, I have a DC inside the network that provides this function. I have the user set with a static IP but still cant figure out how to add this policy. I have a Fortigate 50B. Any chance to elaborate a little with exactly what section to go to inside the Fortigate? Not the most versed in networking. Thank you for all the help. Jay
3463
0 Kudos
Rick_H
New Contributor III
In response to pctechservices

Created on ‎02-28-2013 01:55 PM

I think Bob probably included the bit DHCP on the FortiGate simply because you mentioned MACs. Where the user station gets the IP address is less important than setting up the reservation if you decided to do the exemption via IP. However, you could also use an identity-based policy to do this. Just create a group with only this user in it and then create the ID policy to check this group while assigning it no webfilter profile.
3463
0 Kudos
Dave_Hall
Honored Contributor

Created on ‎02-27-2013 08:38 PM

This is a commonly requested feature and is listed in the Fortigate Cookbook...just search for " Excluding selected users from UTM filtering" .

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
3463
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.