Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
RyanFItz
New Contributor

Fortinet blocking allowed site

All I have enabled is web filter -> url filter. I have one website to allow then block * as wildcard and for some reason it blocks the allowed sites and seems to be only https sites, my http sites in the allow list works but my https sites do not.

 

Does anyone have any idea?

 

google and fastpeoplesearch get blocked

 

Attached is a screen shot of the filter

 

Web Filter   Threat Level    high Direction    outgoing Log event original timestamp    1602069758 Event Type    urlfilter Hostname   &nbsp www.fastpeoplesearch.com Message    URL was blocked because it is in the URL filter list Profile Name    default Request Type    direct URL     www.fastpeoplesearch.com/ URL Filter Index    1 URL Filter List    default

 

 

Date    10/07/2020 Time    07:22:43 Duration    5s Session ID    52787 Virtual Domain    root NAT Translation    Source Source IP    192.168.168.5 NAT IP    75.150.165.185 Source Port    57133 Country    Reserved Primary MAC    9c:8e:99:5c:34:0b Source Interface    lan Host Name    SCCserver.sterlingcredit Device Type    Windows PC OS Name    Windows 8.1 / 2012 Destination IP    104.18.15.109 Host Name    fastpeoplesearch.com Port    443 Country    United States Destination Interface    wan1 Application Application Name    HTTPS Category    unscanned Protocol    tcp Service    HTTPS Data Received Bytes    212 B Received Packets    5 Sent Bytes    809 B Sent Packets    7 Action Action    server-rst Security Action    Blocked Threat    8 Policy    1 Policy UUID    e02340c0-706e-51e8-64e1-e9101bf2f114 Policy Type    policy Security Level     Web events    1 Threat Score    30 Other Source Interface Role    lan Log ID    13 byod_name    SCCserver.sterlingcredit Protocol Number    6 roll    65535 byod_device    windows-pc Log event original timestamp    1602069763 Destination Interface Role    wan dstcountry_code    US Source Server    0 Sub Type    forward utmref    65535-37914 Security Events

 

5 REPLIES 5
Fullmoon
Contributor III

I would craft my url entries like these URL:*.fastpeoplesearch.com,*.google.com Type: Wildcard, Action: Exempt, Status:Enable

Fortigate Newbie

Fortigate Newbie
RyanFItz

Thanks I’ll try that
RyanFItz

I got it to work.

 

It does not like any form of wildcard for some reason for allow or exempt. Firmware 5.6.3

 

I had to use

fastpeoplesearch.com, simple, allow

www.fastpeoplesearch.com, simple, allow

*, wildcard, block

 

now the site will come up and all others are still blocked

RyanFItz

Still wouldn't work so what I did was use the category blocking, I blocked every category and unrated, then created an allow white list for a custom category and that seems to work.

sw2090

two things:

 

1. you url filter will not work because you set the action to "allow". This means it will allow it but check all other rules coming after that too. And your blocking all rule is of course matching too. So set the action to "exempt" to have it stop once the rule matched and not hit the block all rule.

 

2. url filter on https site will only work if you enable ssl deep inspection because without that it cannot see the url. Certificate inspection will also only see what is in subject (alternate) name which is usually only the domain or subdomain name of the site.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors