Hi there,
what do you think is the best way to Archive the following:
- Webtraffic should be authenticated, except for some defined URLs which should reachable for all People.
What i thought i am good to go with an explicit proxy rule
1. rule
src: internal lan
dst: any
Action: accept
webfilter: defined static URL filter to allow certain urls
2. rule
src: internal lan
dst: any
Action: authentication
But it seems it works like an firewall rule, while the traffic rule applies (dst: any) the rule applies and nothing is explicit forbidden everything is allowed. So how Archive this with an URL filter?
Because there are certain drawbacks to use FQDN adress rules (performance, dns spoofing and so on) we want to avoid it but dont know how.
Any ideas on this or cant we archive this with fortigate?
