Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mik785
New Contributor

Difference between allow and exempt in web filter

hello I am a beginner in the use of fortigate systems I have just configured a webfilter with a private policy and a public and I have authorized certain site in the webfiltering in the public policy I have mit certain site to allow and that does not work not and when I was exempted it worked I wondered for my personal knowledge what was the difference between

 

 

ps.sorry for my english

3 REPLIES 3
Toshi_Esumi
Esteemed Contributor II

I don't remember, or have never learned, exact scope of "exempt" or how much/far it would affect to. But at least know that in the webfilter profile it would go through URL filters first then Category filters, and inside of category filters, go through local categories first and the rest based on the order you see.

Then if you exempt at a point of this chain, it would stop checking the rest and exit the process. Ex. if you exempt an URL in URL filters, it would never go to category filtering checks, while if you allow one URL in URL filters, it would still go through checking category filters.

Dave_Hall

Taken from https://docs.fortinet.com/document/fortigate/6.0.0/handbook/164551/static-url-filter

 

 The difference between the two, is Allow will continue with the UTM processes.  Exempt will tell the fgt to stop processing further utm features.  See the above link for further details on this and the other URL filter actions. 

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

Toshi_Esumi
Esteemed Contributor II

Thanks Dave. Now I know the scope.