Bypass web filter for one user

hsd · ‎09-07-2018

Hello,

We are a school district that just switched from Cisco ASA devices to FortiGate 201E firewalls for our schools. Our firewall is in flow-based inspection mode and is on version 5.6.3. We block Facebook, but want to allow just the principal to access it to update the school's Facebook page. Is there a way to whitelist his IP/MAC address or have a way for him to log in to get to Facebook?

Thank you.

Toshi_Esumi · ‎09-07-2018

Create a new policy and put the principal's device's IP in source address, then allow whatever you want to allow as services then place it above the existing policies. Don't forget to enable nat.

hsd · ‎09-07-2018

Thank you. I'll have a look at that.

darwin_FTNT · ‎09-08-2018

Seems the feature webfilter web override supports that function. It is working for proxy-based utm. For flow-based utm, the feature has been finished porting but haven't been committed to trunk. It should be available in FOS v6.x release (approximately, depends on developer porting the feature).

hsd · ‎09-11-2018

Thank you Darwin. I'll have a look at the possibility of an OS upgrade.

tanr · ‎09-11-2018

Might be better/safer/simpler to just have a duplicate security policy for your principals user account / device with a different web filter, rather than upgrade the OS.

Bypass web filter for one user

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website