Hello team,
I wanted to know what is the best method to manage fqdn to be blacklisted. Basically, is it better to use an ad hoc web filter profile or to create fqnd groups with wildcards?
My goal is to block specific fqdn for everyone globally.
Thanks for the support
BR
Solved! Go to Solution.
Hello
Enable All traffic log in the related policy, then check in the traffic log. You should find there traffic log witch client IP as source, DNS server IP as destination, and DNS as protocol/service.
Hi @luca1994,
Unresolved FQDN could be a GUI bug. Which firmware version are you using? Please refer to the following articles:
Another option is to use static URL filter: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-a-static-URL-filter-feature-to-allow...
Regards,
Hello @hbac and thanks for the support.
how do i check if dns requests go through fortigate? with what commands?
i'm using fortios 7.4.6
Thanks
Br
Hello
Enable All traffic log in the related policy, then check in the traffic log. You should find there traffic log witch client IP as source, DNS server IP as destination, and DNS as protocol/service.
Hi @luca1994.
Another solution you can consider is using threat feed to import a list of FQDN and use it as category for web filter.
Regards,
Minh
If your concern is about HTTP/HTTPS traffic going to FQDN you can manage or block it using Web Filter.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-a-static-URL-filter-feature-to-allow...
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.