Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor III

Firewall Policy 6.0.3 Wildcard FQDN

Hello, Update my FG200D to 6.0.3 and I find that Wildcard FQN can no longer be used in the IPv4 or Explicit proxy policy rules. Before with 5.4.5 I had rules in Explicit Proxy that allowed access to * for example to a single user. Now how should I make that rule? How do I use Webfilter or Application Control to allow access to Facebook but not affect access to other sites? Today (in version 6.0.3) if I make a rule for the PC that I need to have access to facebook with webfiler or application control that blocks all categories and that allows (in application override or static url) Facebook Category or * .facebook. com wildcard and place that rule above the rule that allows internet to all users, that user can not especially navigate on any page, only on the Facebook page. Which is logical because the rule that applies says everything but facebook blocks. If I put that new rule under the current rule that allows internet to all, the user can especially navigate but does not access Facebook because the general rule says that you can not navigate on Facebook. In ISA Server I remember that exceptions could be configured in the rules, in this case it would be the indicated, to be able to tell you apply this rule except for this user or this site. In version 5.4.5 using Wildcard FQDN in the rules I had it resolved, now in 6.0.3 how can I resolve it? Thank you.

New Contributor III

Hi there,


How are you authenticating users now?  In general I'd start with a different security policy for web/app applied to a policy above your main one specifying the users group that should have access to it.  This could also work for device groups if you want to manage it that way from discovered devices.

New Contributor III



I applied policy by source ip address.



Top Kudoed Authors