Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Steve_Fuller
New Contributor III

CTLs and other security sites

I spend a lot of time allowing sites that I would regard as "positive" security sites such as certificate vendors, certificate trust list sites and others.  Wouldn't it make sense not to list sites designed to make the web safer alongside software download sites?

2 Solutions
gfleming

Every web page belongs to a category. I'm not sure they are about to create a new category just for this.

 

 

Have you considered leveraging the ISDB? Verisign exists, digicert exists. This might be better suited to what you're trying to accomplish:

https://www.fortiguard.com/encyclopedia/isdb/9568408

 

Cheers,
Graham

View solution in original post

Steve_Fuller

It didn't think of that for this--already in use for every client because of 365, etc.  Will add those--faster than overrides--thanks!  BTW, 

The website(s) you submitted below has been reviewed and updated:

 

Submission Date:            Wed, 25 Jan 2023 15:57:57 -0800

URL:                        hxxp://crl[.]entrust[.]com/

Customer Comment:           Site designed for web safety--should not be blocked.

Updated Category:           Information Technology

Update Date:                Wed, 25 Jan 2023 16:53:38 -0800

 

View solution in original post

10 REPLIES 10
gfleming
Staff
Staff

Are you commenting on web filter categories being too broad? What are some examples of sites that you need to exempt vs sites you want to block from a category that you are blocking?

Cheers,
Graham
Steve_Fuller

Sites confirming the validity of certificates (digicert, ctl.microsoft.com)shouldn't be in the same category as sites like Verizon.com (Information Technology). 

Information TechnologyInformation Technology peripherals and services, cell phone services, cable TV/Internet suppliers.FULL SSL INSPECTIONSSL CERTIFICATE INSPECTION
Information and Computer SecuritySites that provide information about or free downloadable tools for computer security, but not ordinary Freeware and Software downloading.
gfleming

I think I agree with you. You can always submit a classification request:

 

https://www.fortiguard.com/faq/wfratingsubmit

 

Cheers,
Graham
Steve_Fuller

I have--but I was hoping not to have to request dozens of re-classifications manually.  And I don't now that they will understand the distinction and remove the urls from a category.  I don't know why they would have been placed in a category at all.

gfleming

Every web page belongs to a category. I'm not sure they are about to create a new category just for this.

 

 

Have you considered leveraging the ISDB? Verisign exists, digicert exists. This might be better suited to what you're trying to accomplish:

https://www.fortiguard.com/encyclopedia/isdb/9568408

 

Cheers,
Graham
Steve_Fuller

It didn't think of that for this--already in use for every client because of 365, etc.  Will add those--faster than overrides--thanks!  BTW, 

The website(s) you submitted below has been reviewed and updated:

 

Submission Date:            Wed, 25 Jan 2023 15:57:57 -0800

URL:                        hxxp://crl[.]entrust[.]com/

Customer Comment:           Site designed for web safety--should not be blocked.

Updated Category:           Information Technology

Update Date:                Wed, 25 Jan 2023 16:53:38 -0800

 

gfleming

That's great glad it'll work out for you. Please consider marking the actual response as a solution so people get credit for the post and other people searching can find it easier. :)

 

ALso, just out of curiosity what was crl.entrust.com categorized as before you got it updated to Information Technology?

Cheers,
Graham
Steve_Fuller

I believe they just moved it from Information and Computer Security to Information Technology.  Unfortunately there are only 3 OSCP entries in the ISDB and no direct ctl or ctrl entries.

gfleming

So are you blocking all of Information and Computer Security category today?

Cheers,
Graham
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors