Category Blocking in Firewall Policy

HeraldGoSison · ‎12-08-2023

Hi Experts,

i am very new to Fortinet so i am abit confused on how web filter via category blocking worked in firewall policy.

I want to block facebook to all users/devices but i want to have some exemptions to certain users/devices.

Would these method below will work?

1) Allow the exempted users to facebook

2) block all users to facebook

3 any any any allow

i am used to configure cisco FTD FMC and thede method worked i am not sure in Fortinet because in Fortinet once you select a category all categories will be included unlike in cisco that only the categories you want to allow or block will be included in the rules you are creating.

one more thing if i will upgrade the firmware would it require a reboot? Can i revert back to old firmware incase i am not happy with the newly installed firmware?

Thank you and morr power to all!

hbac · ‎12-09-2023

@HeraldGoSison,

On version 7.0.12, you can go to Security Fabric > External Connectors > Create New > FSSO Agent on Windows AD.

Regards,

HeraldGoSison · ‎12-10-2023

Hi Sir,

i have done this in endpoint/identity under external connectors and it is showing conencted to our local AD

i have added FSSO in user groups

and made a test policy for the users inside the group and add it in the source.

my test site was any **bleep**site so the Rule # 2 is default block all **bleep**sites and rule# 1 should allow **bleep**site access to specific people included in the FSSO group but it is being blocked by rule # 2 when it should hit rule #1 first.

So basically fsso group in blocking is still not working,

hbac · ‎12-11-2023

@HeraldGoSison,

Have you checked the logs to see which rule it matches?

Regards,

Category Blocking in Firewall Policy

Nominate a Forum Post for Knowledge Article Creation