luca1994
New Contributor III

Fortigate Manage BlackList

Hello team,

I wanted to know what is the best method to manage FQDNs to be blacklisted. Basically, is it better to use an ad hoc web filter profile or to create FQDN groups with wildcards?

My goal is to block specific FQDNs for everyone globally.

Thanks for the support
BR

1 Solution
AEK

Hello

Enable "All" traffic logging in the related policy, then check the traffic log. You should find traffic log entries there with the client IP as source, the DNS server IP as destination, and DNS as protocol/service.

AEK

luca1994
New Contributor III

Hello @hbac and thanks for the support.

How do I check if DNS requests go through the FortiGate? With what commands?

I'm using FortiOS 7.4.6.


Thanks

Br

mle2802
Staff

Hi @luca1994.
Another solution you can consider is using a threat feed to import a list of FQDNs and using it as a category for the web filter.

Regards,
Minh

adimailig
Staff

If your concern is about HTTP/HTTPS traffic going to an FQDN, you can manage or block it using Web Filter.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-a-static-URL-filter-feature-to-allow...


Best Regards,

Arnold Dimailig
TAC Engineer