Ali84
New Contributor

Application Control and Web Filtering not working together.

I want to keep Office apps open and also let the user browse to some specific URLs, but the web filtering works properly only if I apply it alone, not with Application Control.

Any advice on how I can do that? 

I have the 6.4.8 version

gfleming

How is it not working? Please describe the issue. What are you expecting in terms of FortiGate behaviour and what are you experiencing?

 

Also is this policy getting hit? Or is another policy above it taking precedence?

Cheers,
Graham
Ali84
New Contributor

Let's talk about only this policy that I shared.

 

I expect that this policy blocks all the URLs and only allows specific URLs in the list to open in the browser, but it's not working, and all the URLs are blocked.

 

We have a lot of policies, but I put this at the top of the policy list. I also moved it to the end of the list, but nothing changed.

 

It only keeps FB open for me. (that's the exciting part)

1.png

 

 

funkylicious

Try moving the *.* block rule to the end of the list.

geek
gfleming

I don't think you can accomplish what you want to do here using URL Filter. You cannot block all URLs in the filter and still expect some to be allowed. At least for this I am fairly sure.

 

For your case, I would consider leveraging the ISDB, FQDN Address Objects or Customer Web Filter categories and Overrides:

 

https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/918943/overrides

Cheers,
Graham
srajeswaran
Staff

Can you share your firewall policy configuration as well?

Regards,

Suraj


Ali84

Hi, 

Sorry about the delay. It seems Web Filter is not working correctly. 

Please consider my firewall-config 

Ali84_2-1677512502485.png

Ali84_4-1677512643451.png

 

Regards

Ali84
New Contributor

Thanks for all your support. 

I fixed this, but I want to share some experiences that sometimes confused me. 

 

1 - I have to have a separate policy for YouTube; the *.* didn't block it, and I made an Application Control for that.

2 - Sometimes policies take effect right away, but sometimes it takes 10 to 15 min.

 

Thanks to everyone.

gfleming
Staff

If you're creating a new policy, existing sessions may still be allowed. The info here might help you:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Dirty-session/ta-p/197748

Cheers,
Graham