Fortigate firewall static URL not exempting URLs from web filter

Laniver · ‎01-11-2025

The firewall is running version 7.2.10.

I have a set of rules which has web filters, IPS and DNS filters enabled.

The web filter is set to warning for unrated websites. I have set several static URL filters to exempt certain URLs from web filtering, but it is apparently still being blocked by web filtering.

How do I ensure the static URL filters work for exempting URLs from web filtering?

dingjerry_FTNT · ‎01-11-2025

Hi @Laniver ,

When you say "but it is apparently still being blocked by web filtering", did you mean it is blocked by the FortiGuard Category?

Anyway, can you share your URL Filter configuration for the URLs in this issue?

Regards,

Jerry

kaman · ‎01-11-2025

Hi Laniver,

When apparently blocked by web filtering so at time if you encounter a FortiGuard Deny Page due to web filtering, please provide a screenshot of the page.

Additionally, navigate to Log & Report -> Security Events -> Web Filter in your system and review the logs details on whether the website was blocked or bypassed. Pay attention to the "Message" field in the logs as well.

Note: To exempt a specific website, use the Wildcard type for the exemption.

You can refer to the below document for Troubleshooting static URL filter by 'debug ips'

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Troubleshooting-static-URL-filter-by-debug...

Regards,
Aman

Laniver · ‎01-12-2025

Please see attached image when I set web filter to 'Warning' for unrated category.

Hostname anw.cz.com

URL http://anw.cz.com/api/v3/agent/state/cbe71136-fe7-340f-18aeed6

I have set a wildcard static URL - http://anw.cz.com/*

dingjerry_FTNT · ‎01-12-2025

Hi @Laniver ,

The log message does not help us to identify why FortIGuard Category blocked it.

Please provide your static URL Filter configuration about "anw.cz.com".

Regards,

Jerry

Laniver · ‎01-12-2025

Static URL filter configuration:

dingjerry_FTNT · ‎01-12-2025

Hi @Laniver ,

Please use the following for the URL field:

*anw.cz.com*

Regards,

Jerry

Laniver · ‎01-29-2025

Thanks, but I noticed it does not work for all cases.

For instance, *anw.cz.com* does not match xc03.anw.cz.com.

I have another matching issue which I am having trouble with.

Domains to be matched:

c1-ny-cvx.anw.cz.com

c1-ny-mpm.anw.cz.com

I created the following regular expression, but it does not match. Traffic to both domains still get denied by the web filter.

c1-ny-(cvx|mpm)\.anw\.cz\.com

dingjerry_FTNT · ‎01-29-2025

Hi @Laniver ,

Could you please share your new URL filter configuration?

And are those URLs HTTPS-based?

Regards,

Jerry

Laniver · ‎01-30-2025

Yes, they are HTTPS based.

Fortigate firewall static URL not exempting URLs from web filter

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website