FortiSASE Security Policy

Zi · ‎02-03-2025

I am just wondering if someone can please explain in more detail how Forti (in Proxy mode) handles URL based filtering and Application control.

I have tested the following with facebook.com:

Block “social networking in webfilter and social Media is blocked in application control --> facebook is blocked
Allow “social networking in webfilter and social Media is blocked in application control --> facebook is blocked
Block “social networking in webfilter and social Media is Allow in application control --> facebook is blocked

It looks like both options need to be allowed or have a exception for this to wokr. Is this how this is suppose to work?

How would this work for lets say some fileshare rule : Do i need to allow this in URL filtering and then also in application control?

Another example would be file sharing like google drive. Does this mean that one needs to allow the google drive url in url filtering and then block "online storage" in Application CASB but make an exception to allow google drive?

Anthony_E · ‎02-05-2025

Hello ,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Anthony-Fortinet Community Team.

Anthony_E · ‎02-06-2025

Hello,

We are still looking for someone to help you.

We will come back to you ASAP.

Regards,

Anthony-Fortinet Community Team.

Anthony_E · ‎02-10-2025

Hello,

I may found an answer to your question:"

how Forti (in Proxy mode) handles URL based filtering and Application control.":

To understand how FortiProxy handles URL-based filtering and application control, we need to look at the security profiles it offers:

URL Filtering: FortiProxy uses FortiGuard Web Filtering, a subscription service that rates over 60 million websites and two billion web pages into 77 categories. - You can allow or block access to specific categories of websites based on your organization's policies. - URL filtering allows you to restrict access to URLs that you specify, providing granular control over web access.
Application Control: FortiProxy's Application Control feature can detect the network traffic of more than 1,000 applications, even those not using standard ports for communication.

It allows you to identify and control applications on networks and endpoints regardless of the port, protocol, or IP address used. - You can write custom signatures to tailor application control to your network's specific needs, enhancing your control over application communication.

By utilizing these features, FortiProxy effectively manages URL-based filtering and application control to enhance security and control over web traffic within your network.

Anthony-Fortinet Community Team.

Zin · ‎02-11-2025

Hi Anthony, thanks for the Info. This is really helpful.

What i am trying to understand is how can one structure the policy that only allows you to lets say "google drive" and then move to the next policy to get allowed for lets say facebook.

The use case is what if a user is part of two different AD groups and needs to have access to different Apps/URL which is allowed by different policy.

Now that we have the whole Security profile tied to a rule, this gets really tricky to allow/block.

FortiSASE Security Policy

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website