Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Difference between allow and exempt in web filter

hello I am a beginner in the use of fortigate systems I have just configured a webfilter with a private policy and a public and I have authorized certain site in the webfiltering in the public policy I have mit certain site to allow and that does not work not and when I was exempted it worked I wondered for my personal knowledge what was the difference between



ps.sorry for my english


I don't remember, or have never learned, exact scope of "exempt" or how much/far it would affect to. But at least know that in the webfilter profile it would go through URL filters first then Category filters, and inside of category filters, go through local categories first and the rest based on the order you see.

Then if you exempt at a point of this chain, it would stop checking the rest and exit the process. Ex. if you exempt an URL in URL filters, it would never go to category filtering checks, while if you allow one URL in URL filters, it would still go through checking category filters.


Taken from


 The difference between the two, is Allow will continue with the UTM processes.  Exempt will tell the fgt to stop processing further utm features.  See the above link for further details on this and the other URL filter actions. 


NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

Thanks Dave. Now I know the scope.


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors