Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
HeraldGoSison
New Contributor II

Category Blocking in Firewall Policy

Hi Experts,

 

i am very new to Fortinet so i am abit confused on how web filter via category blocking worked in firewall policy.

 

I want to block facebook to all users/devices but i want to have some exemptions to certain users/devices.

 

Would these method below will work?

 

1) Allow the exempted users to facebook

2) block all users to facebook

3 any any any allow

 


i am used to configure cisco FTD FMC and thede method worked i am not sure in Fortinet because in Fortinet once you select a category all categories will be included unlike in cisco that only the categories you want to allow or block will be included in the rules you are creating.

 

one more thing if i will upgrade the firmware would it require a reboot? Can i revert back to old firmware incase i am not happy with the newly installed firmware?

 

Thank you and morr power to all!

12 REPLIES 12
hbac

@HeraldGoSison,

 

On version 7.0.12, you can go to Security Fabric > External Connectors > Create New > FSSO Agent on Windows AD. 

 

Regards, 

HeraldGoSison
New Contributor II

Hi Sir,

 

i have done this in endpoint/identity under external connectors and it is showing conencted to our local AD

Screenshot 2023-12-11 121905.png

 

i have added FSSO in user groups

Screenshot 2023-12-11 122100.png

 

and made a test policy for the users inside the group and add it in the source.

 

my test site was any **bleep**site so the Rule # 2 is default block all **bleep**sites and rule# 1 should allow **bleep**site access to specific people included in the FSSO group but it is being blocked by rule # 2 when it should hit rule #1 first.

Screenshot 2023-12-11 124548.png

 

So basically fsso group in blocking is still not working,

hbac

@HeraldGoSison,

 

Have you checked the logs to see which rule it matches?

 

Regards, 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors