Difference between allow and exempt in web filter

mik785 · ‎04-15-2020

hello I am a beginner in the use of fortigate systems I have just configured a webfilter with a private policy and a public and I have authorized certain site in the webfiltering in the public policy I have mit certain site to allow and that does not work not and when I was exempted it worked I wondered for my personal knowledge what was the difference between

ps.sorry for my english

Toshi_Esumi · ‎04-15-2020

I don't remember, or have never learned, exact scope of "exempt" or how much/far it would affect to. But at least know that in the webfilter profile it would go through URL filters first then Category filters, and inside of category filters, go through local categories first and the rest based on the order you see.

Then if you exempt at a point of this chain, it would stop checking the rest and exit the process. Ex. if you exempt an URL in URL filters, it would never go to category filtering checks, while if you allow one URL in URL filters, it would still go through checking category filters.

Dave_Hall · ‎04-15-2020

Taken from https://docs.fortinet.com/document/fortigate/6.0.0/handbook/164551/static-url-filter

The difference between the two, is Allow will continue with the UTM processes. Exempt will tell the fgt to stop processing further utm features. See the above link for further details on this and the other URL filter actions.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

Toshi_Esumi · ‎04-15-2020

Thanks Dave. Now I know the scope.