I believe URL web filtering should still work, but not the FortiGuard web filtering (service) part.
You can still block/unblock by creating address/FQDN firewall objects for the website(s), grouping them into an object group, and then using that as the destination address in firewall policies. Of course, you will need to move such firewall policies up in the firewall rule chain so they can be triggered. This is a bit ugly IMO, depending on the website, if content servers (server farms) are used.
I did exactly what you are describing on about a hundred 60Bs that needed to block all internet access except about 25 sites.
The way we did it was with a web filter policy that had FortiGuard filtering turned off and instead had a specific URL list enabled. In general, you put in the allowed URLs with the action of allow or monitor and then at the end you put a wildcard in with block. Thankfully now you can use simple wildcards; back in the 3.6/3.7 days it was only regular expressions and it took some finessing to get the correct syntax for certain URLs.
Here are some words of caution... The list is read top to bottom and I don't believe there is a way to rearrange the list easily. So when we had to add sites to the list, we deleted the wildcard block on the end, added more sites, and then put the wildcard block back. Also, since this is fully on the device, it may impact performance on smaller units if the list gets extraordinarily large. I imagine you'll run into manageability problems handling such a large list before you actually run up against processing problems, but it's something to note. It also may become easier to handle it through a CLI script instead of directly in the GUI.
Yeah, as said, the FortiGuard filters can only filter (or not filter) domain names. No protocols, no wildcards, no paths.
You will have to use, as also said, the URL filter.
Add a profile to use in your policy. Disable FortiGuard if not needed. Enable the URL filter.
Set an exempt rule for the sites you want to have enabled. You will need exempt here to have the URL filter stop once it has matched a rule successfully. If you set allow, the last rule we need will kill this rule, since it matches too.
The last rule in the URL filter has to be Block *.
This will then grant access to websites that have an exempt rule above the block * rule and stop checking there.
Everything else will be blocked.
Note: This will not work via FortiManager <= 5.4 due to a confirmed bug in FortiManager that affects the order of the URL filter rules. I cannot currently tell you if it is still in FMG >= 5.6 since I haven't checked yet.
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
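The CLI-script approach and the "exempt entries first, Block * last" ordering described in the posts above can be combined by regenerating the whole list from a plain allow list. The following is an added example, not code from any poster or from Fortinet; the table id, filter name and sample sites are constructed, and the `config webfilter urlfilter` syntax is assumed to match the FortiOS release in use and to be applied to a fresh table id.

```python
# Added example: builds a FortiOS CLI script for an allow-list URL filter.
# Table id, filter name and the sample sites are constructed placeholders.

def _clean(site):
    """Normalise one entry and refuse anything that could break CLI quoting."""
    site = site.strip().lower()
    for prefix in ("https://", "http://"):
        if site.startswith(prefix):
            site = site[len(prefix):]
    site = site.rstrip("/")
    if not site or any(c in site for c in '"\\\n\r\t '):
        raise ValueError(f"unsafe or empty URL filter entry: {site!r}")
    return site

def build_urlfilter_script(allowed_sites, table_id=1, name="allowlist-example"):
    """Return CLI text: one exempt entry per site, then one wildcard block."""
    sites = []
    for raw in allowed_sites:
        site = _clean(raw)
        if site == "*":
            raise ValueError("a bare * in the allow list would exempt everything")
        if site not in sites:              # de-duplicate, keep first-seen order
            sites.append(site)
    lines = ["config webfilter urlfilter", f"    edit {table_id}",
             f'        set name "{name}"', "        config entries"]
    entry_id = 0
    for entry_id, site in enumerate(sites, start=1):
        kind = "wildcard" if "*" in site else "simple"
        lines += [f"            edit {entry_id}",
                  f'                set url "{site}"',
                  f"                set type {kind}",
                  "                set action exempt",
                  "            next"]
    # The catch-all block is always written last, so adding a site never
    # requires deleting and re-creating it by hand.
    lines += [f"            edit {entry_id + 1}",
              '                set url "*"',
              "                set type wildcard",
              "                set action block",
              "            next",
              "        end", "    next", "end"]
    return "\n".join(lines)

if __name__ == "__main__":
    print(build_urlfilter_script(["example.com", "*.example.org",
                                  "https://example.net/"]))
```

Review the generated script and the resulting entry order on the device before attaching the profile to a policy.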