Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
nappy
New Contributor

Allow Specific URL

Hi, I would like to block www.facebook.com, but I would like to only allow access to a specific facebook URL eg www.facebook.com/radiowave So Users should not be able to access facebook but should be able to access the company facebook page. How can I accomplish this? Thanks
2 Solutions
Dave_Hall
Honored Contributor

Hi Stryker. The web site functionality may depend on other sites/domains. If you have logging enabled you should be able to check the blocked URLs (under the Log and Archive Statistics widget) or the Web Filter log under " Log&Report" . Add any " missed" urls to your URL or Local ratings category. (You may want to play around with " Allow Websites When a Rating Error Occurs" , " Strict Blocking" , or " Block HTTP redirects by Rating" options in your web filter Profile to see if that makes a difference.) The attached screen shot is from 4.0 MR3 patch 14. You did not indicate which firmware your fgt device is running.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

View solution in original post

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Oh_Yaw_Theng
New Contributor II

Hi Faaeq, Can you try to change the action to " Exempt" ? Try again and see whether it works. Thanks.

View solution in original post

17 REPLIES 17
Stryker412
New Contributor

We are running 5.0 build 179 (GA patch2). So I can get to pinterest.com but not this specific URL: http://www.pinterest.com/montessorimom/education-ideas/ I checked the logs and this URL never shows up. My version looks a little different than yours. I do not have Log&Archive Access in my Logs section. I also tried to add the widget you have for the dashboard and it' s not available.
Devendra_Palan
New Contributor

Hi Stryker, In V5.0 Under log&Reports check in security logs for the web filtering logs. Also check in forwarded traffic logs for packet info. Pls cross verify the rating override config with the particular URL.
Stryker412
New Contributor

I allowed skype.com under our teacher_filter. I also added skype.com under category allowed sites staff. So on one computer I go to skype and it shows the correct category but the site is still blocked. Edit: I can get to the site on my wireless device, just not on any wired device. Edit 2: Ok scratch that, it does look like it is working. For some reason the computer I' ve been testing on is not falling under the teacher filter. Sorry about that.
Stryker412
New Contributor

We have profiles setup for teachers and students to allow content. How is it determined how a user falls in what category?
Bromont_FTNT
Staff
Staff

you can restrict based on IP address in the firewall policy otherwise you' ll need identity based policies where users will be assigned the correct group based on firewall authentication or FSSO group status.
Stryker412
New Contributor

Well that' s a little frustrating. I wish it were easy enough to restrict by login. I' d like for teachers that were in the lab to have access to the same sites as their classrooms. In which setting I filter by IP?
Bromont_FTNT
Staff
Staff

Ok, sounds like you may want FSSO instead... These are domain logins?
Stryker412
New Contributor

Yes we use OD. Unfortunately we do not have AD in place yet, I' m hoping to do that next summer.
Labels
Top Kudoed Authors