Hello All,
On a FortiGate firewall, can someone guide us on how we can allow only a specific full/exact URL, as below:
https://code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css
Thanks,
How do you know this is being blocked by the firewall? What do the logs say? Which inspection feature is blocking this? Web Filter? DNS? Something else?
Hello @adambomb1219
Thank you for your response.
The firewall is not currently blocking this URL. We have certain devices restricted from accessing the internet through the firewall, but we’d like to make an exception to allow access to this specific URL for an application on these devices.
Hi
Create a simple URL filter to block the full URL in the web filter profile.
The below doc might help you;
Hello,
Since you want to allow the full URL I assume the path of the URL needs to be checked as well.
With a simple policy and only cert inspection the web filter will only check the certificate information present.
You would need a policy preferably in proxy mode and with SSL deep inspection enabled.
In the web filter profile you create a static URL filter with the action set to "EXEMPT". This is really important as sometimes with action set to "allow" if you are blocking the category in the webfilter then it will still be blocked.
Hope this helps.
Hello @bkrishnan, @ezhupa,
Thank you for sharing the useful link!
I was in doubt whether deep inspection would be necessary, as @ezhupa has mentioned.
To make it easier, creating a simple URL filter to allow "code.ionicframework.com/*" should work?
Please guide. Thanks,
Created on 10-30-2024 04:43 AM Edited on 10-30-2024 04:45 AM
Hello,
Yes that should work, but remember it is better to set the action to "Exempt". I am adding below an article that explains the difference.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-The-difference-between-allow-and-exempt-in...
You can either configure it as a simple URL or a WILDCARD/Regex URL.
You can test either way and see whichever works best in your scenario.
EDIT:
code.ionicframework.com/* -> if you are using a * after the slash, that would allow every possible path after the link and would not be limited to only code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css.
And if using *, it would be better to use a Wildcard type URL.
Thanks for confirming.
I will configure a wildcard URL for "code.ionicframework.com/*" with action set to Exempt.
Then add another filter below it with * and action set to block.
Can you guide whether another filter with * and action set to block is necessary?
Hello,
If you want to block everything else, a wildcard type URL "*.*" with action set to BLOCK will block everything. Only URLs exempted above this block rule should be allowed.
I got that, thanks. Since the devices for which we want to allow this URL are already restricted from accessing the internet through the firewall, I was wondering whether it is required.
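The configuration the thread converges on, written out as FortiOS CLI (an added example, not posted by any participant and not taken from Fortinet documentation): the exact URL as a simple entry with action exempt, placed above the "*.*" wildcard block entry. The table ID, table name and profile name are assumptions; as noted in the replies above, matching on the path of an HTTPS URL requires SSL deep inspection on the policy that uses this profile.

```fortios
# Assumed names: table ID 1, "ionicons-exact-only", profile "restricted-devices".
config webfilter urlfilter
    edit 1
        set name "ionicons-exact-only"
        config entries
            # Entry 1: the single full URL from the question, exempted.
            # A wildcard such as code.ionicframework.com/* would instead
            # permit every path on that host, which is broader than asked.
            edit 1
                set url "code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css"
                set type simple
                set action exempt
                set status enable
            next
            # Entry 2: the catch-all block suggested in the thread.
            # It must sit below the exempt entry, since only URLs exempted
            # above this rule are allowed through.
            edit 2
                set url "*.*"
                set type wildcard
                set action block
                set status enable
            next
        end
    next
end

# Attach the URL filter table to the web filter profile used by the
# policy for the restricted devices.
config webfilter profile
    edit "restricted-devices"
        config web
            set urlfilter-table 1
        end
    next
end
```

After applying it, request the exempted URL and a different path on the same host from one of the restricted devices, then confirm in the web filter logs that the first is passed and the second is blocked.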