I am just wondering if someone can please explain in more detail how Forti (in Proxy mode) handles URL based filtering and Application control.
I have tested the following with facebook.com:
It looks like both options need to be allowed or have a exception for this to wokr. Is this how this is suppose to work?
How would this work for lets say some fileshare rule : Do i need to allow this in URL filtering and then also in application control?
Another example would be file sharing like google drive. Does this mean that one needs to allow the google drive url in url filtering and then block "online storage" in Application CASB but make an exception to allow google drive?
Hello ,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello,
We are still looking for someone to help you.
We will come back to you ASAP.
Regards,
Hello,
I may found an answer to your question:"
how Forti (in Proxy mode) handles URL based filtering and Application control.":
To understand how FortiProxy handles URL-based filtering and application control, we need to look at the security profiles it offers:
It allows you to identify and control applications on networks and endpoints regardless of the port, protocol, or IP address used. - You can write custom signatures to tailor application control to your network's specific needs, enhancing your control over application communication.
By utilizing these features, FortiProxy effectively manages URL-based filtering and application control to enhance security and control over web traffic within your network.
Hi Anthony, thanks for the Info. This is really helpful.
What i am trying to understand is how can one structure the policy that only allows you to lets say "google drive" and then move to the next policy to get allowed for lets say facebook.
The use case is what if a user is part of two different AD groups and needs to have access to different Apps/URL which is allowed by different policy.
Now that we have the whole Security profile tied to a rule, this gets really tricky to allow/block.
Can't you match on users/groups and give them different profiles? Also see the app control as you can be more open in the URL filtering and then go dipper with App Control and then CASB. You will need to plan your rules and profiles carefully.
User | Count |
---|---|
2549 | |
1356 | |
795 | |
646 | |
455 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.