Hi,
I am trying to set up FortiGate (version 5.2) to block every DNS request except the requests querying for whitelisted domains.
I've set up the FortiGate unit to use FortiGuard DNS servers and also use the FortiGate as my internal DNS server. Then I've created a Web Filter policy to block everything but DNS requests to resolve google.com.
I've applied this policy to firewall rules. But I am still able to resolve every domain.
What am I doing wrong? And is it even possible to achieve my goal?
I haven't used DNS web filtering myself. But based on the online help description below:
category filtering seems to be necessary.
Try configuring them in local categories instead of Static URL Filter to see if it works. If not, you probably need to open a case at TAC.
Unfortunately category filtering is not licensed for my device. I've tried it anyway, but without any luck.
Most likely at least that part of the FortiGuard license/subscription is required. You can verify with sales or TAC.