caimongs
New Contributor

BLOCK specific IP/PC/User

Hi all.

I have a 90D device. I want to block some users in my domain from accessing the internet.

I tried to set it up but it doesn't work. Can anyone help?

 

When I set up WEB FILTER, it affects the whole network and all users. But I just want it to affect some users/PCs/IPs only. Is it possible?

 

I read someone talking about the SINGLE SIGN ON function.

I already set up SINGLE SIGN ON in my AD and it is already connected.

But when I create a policy, it doesn't work. I don't know what is wrong. Did I do something wrong in the setup?

 

Explanation of the image:

Policy 1: All users can access All resources.

Policy 2: Users in group "FSSO BLOCK GROUP" can NOT access All resources.

(I tried moving policy 2 up but nothing changed.)

 

Please contact me through this forum or by email nam.lt@outlook.com

 

Thank you so much 

bobm
New Contributor III

Hi,

Don't know if anyone has contacted you privately, but it looks like you have your Policy order backwards. Try placing the Deny policy above the Allow policy.  When a packet hits the FG, it will be processed via the first policy that applies to it.  Since the Allow is for "all" it is processed there and never hits the second one.
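
Added example, not part of the original reply and not Fortinet code: a small Python model of the top-down, first-match evaluation described above, with a check that flags a rule that can never fire because an earlier, broader rule covers it. The `Policy` fields and helper names are hypothetical, and the model assumes matching on user group and destination only.

```python
from dataclasses import dataclass

ANY = "all"

@dataclass(frozen=True)
class Policy:
    pid: int
    groups: frozenset   # empty set = applies to every user
    dst: str            # ANY or one destination name
    action: str         # "accept" or "deny"

def matches(p, user_groups, dst):
    user_ok = not p.groups or bool(p.groups & user_groups)
    return user_ok and p.dst in (ANY, dst)

def first_match(policies, user_groups, dst):
    """Return the first policy that matches, top to bottom (None = no match)."""
    for p in policies:
        if matches(p, user_groups, dst):
            return p
    return None

def covers(earlier, later):
    """True if every packet 'later' could match is already matched by 'earlier'."""
    groups_ok = not earlier.groups or (bool(later.groups) and later.groups <= earlier.groups)
    dst_ok = earlier.dst == ANY or earlier.dst == later.dst
    return groups_ok and dst_ok

def shadowed(policies):
    """List (shadowed_id, shadowing_id) pairs for rules that can never fire."""
    found = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if covers(earlier, later):
                found.append((later.pid, earlier.pid))
                break
    return found

# Constructed sample mirroring the two policies in the question.
ALLOW_ALL = Policy(1, frozenset(), ANY, "accept")
DENY_GROUP = Policy(2, frozenset({"FSSO BLOCK GROUP"}), ANY, "deny")
BLOCKED_USER = frozenset({"FSSO BLOCK GROUP"})

if __name__ == "__main__":
    for order in ([ALLOW_ALL, DENY_GROUP], [DENY_GROUP, ALLOW_ALL]):
        hit = first_match(order, BLOCKED_USER, "example.com")
        print([p.pid for p in order], "->", hit.action, "shadowed:", shadowed(order))
```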

yest
New Contributor

How do I block specific "blogger.com"

We have the Google FQDNs opened per their suggestion ( https://support.google.com/a/answer/2589954?hl=en ) and ( https://support.google.com/drive/answer/6163291 ). The kids have discovered a number of gaming sites on Google homepages; all seem to be named "my games", i.e.

http://mygameus.blogspot.com

http://mygameus.blogspot.com/2016/03/Barney.html

http://mygameus.blogspot.com/2016/03/Jet-Pack-Monkey.html

The problem is that blocking Google by address doesn't seem to work, as every request seems to use a different one, and I don't know why but I don't seem to be able to block by name.

I put in a simple IPv4 policy, source = any, Destination = "http://mygameus.blogspot.com/2016/03/Crosstown-Craze.html", block, and it doesn't work. Because it is a block there is no SSL inspection or anything like that...

When I look at the log there is nothing that says "http://mygameus.blogspot.com/2016/03/Crosstown-Craze.html", just "encrypted-tbn1.gstatic.com", but I don't want to block all of Google, just the few sites. Can anyone help?

ede_pfau
Esteemed Contributor III

You could use Application Control to block the whole category instead of just one URL. Create an AC sensor, enable category "Gaming" and apply that to the policy 'internal' -> 'wan'. Works quite well IME.


Ede

"Kernel panic: Aiee, killing interrupt handler!"