If the policy allowing Office is above the other policy then the only traffic that is going to match the Office policy is traffic destined to Office apps.
When a user tries to access a blocked web page it will completely bypass the office policy and go to the web filter policy.
Now, we can't really use application control to block access in this way because policies are matched on the network traffic and then we filter the application traffic. So in the scenario above if you are allowing Office using application control your policy must also be allowing HTTP traffic which means your also going to have to simultaneously block using web filters.
I would suggest leveraging the ISDB whenever you need to allow access to specific resources and services. In this case use ISDB (which is a network-level classification) to allow access to Office in a single policy.
Then use the web filter policy below it to filter out how your users web browsing should work.
It seems I'm doing something wrong with web filtering. Would you please guide me? I removed the incoming and outcoming sources for security, and I wanted to test only on my computer first. That's why in the head, you only see my computer. But Web filtering is not working based on my config. The policy is at the bottom of all policies.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.