Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
itnnetworks
New Contributor

Web Filter blocks IP

Hello, 

 

We have a fortigate 80F. There is a Firewall Policy, which has WebFilter enabled for traffic from LAN to Internet.

 

The problem is that we are trying to access a sftp with IP. I see in the logs that the IP is categorized as Unrated. 

I created a new Web Rating override and in the URL I've added the IP we are trying to access (The override is to use a different category to allow the access). Obviously the URL field is for URLs, so the IP is still been treated as unrated. To overcome this issue I have created a new Policy rule so the traffic for this specific IP is not using the WebFilter UTM.

Is there any way (except making the Unrated category allowed) to overcome this issue?

1 Solution
seshuganesh
Staff
Staff

Hi Team,

 

Could you please try to exempt this ip address under web filter profile >> url filter, you can see the below screenshot for the reference:

seshuganesh_0-1652347470012.png

 

You have to keep action as exempt and enable it.

Please keep us posted

View solution in original post

5 REPLIES 5
seshuganesh
Staff
Staff

Hi Team,

 

Could you please try to exempt this ip address under web filter profile >> url filter, you can see the below screenshot for the reference:

seshuganesh_0-1652347470012.png

 

You have to keep action as exempt and enable it.

Please keep us posted

sw2090
Honored Contributor

yeah what seshuganesh says :)

Webfilter is made for FQDN not for ips. I also recommend using the url filter for that with an exempt rule like he described it.


-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

vponmuniraj
Staff
Staff

Hi, 

 

Web filter works on HTTP / HTTPS ports. 

 

Can you paste the log as well as the firewall policy you are referring to? 

 

 

Regards,

Vignesh.

Vignesh
sw2090
Honored Contributor

that too, vponmuniraj :)

Also it does not support wildcards while the url filter does.

And as said webflter is made for fqdns not ips.

Alas that is what TAC told me once :)


-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

itnnetworks
New Contributor

Hi all, 

 

@seshuganesh solution is working. We can see now in logs that the traffic is marked as passthrough. Thank you all!