All I have enabled is web filter -> url filter. I have one website to allow then block * as wildcard and for some reason it blocks the allowed sites and seems to be only https sites, my http sites in the allow list works but my https sites do not.
Does anyone have any idea?
google and fastpeoplesearch get blocked
Attached is a screen shot of the filter
Web Filter Threat Level high Direction outgoing Log event original timestamp 1602069758 Event Type urlfilter Hostname   www.fastpeoplesearch.com Message URL was blocked because it is in the URL filter list Profile Name default Request Type direct URL www.fastpeoplesearch.com/ URL Filter Index 1 URL Filter List default
Date 10/07/2020 Time 07:22:43 Duration 5s Session ID 52787 Virtual Domain root NAT Translation Source Source IP 192.168.168.5 NAT IP 75.150.165.185 Source Port 57133 Country Reserved Primary MAC 9c:8e:99:5c:34:0b Source Interface lan Host Name SCCserver.sterlingcredit Device Type Windows PC OS Name Windows 8.1 / 2012 Destination IP 104.18.15.109 Host Name fastpeoplesearch.com Port 443 Country United States Destination Interface wan1 Application Application Name HTTPS Category unscanned Protocol tcp Service HTTPS Data Received Bytes 212 B Received Packets 5 Sent Bytes 809 B Sent Packets 7 Action Action server-rst Security Action Blocked Threat 8 Policy 1 Policy UUID e02340c0-706e-51e8-64e1-e9101bf2f114 Policy Type policy Security Level Web events 1 Threat Score 30 Other Source Interface Role lan Log ID 13 byod_name SCCserver.sterlingcredit Protocol Number 6 roll 65535 byod_device windows-pc Log event original timestamp 1602069763 Destination Interface Role wan dstcountry_code US Source Server 0 Sub Type forward utmref 65535-37914 Security Events
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I would craft my url entries like these URL:*.fastpeoplesearch.com,*.google.com Type: Wildcard, Action: Exempt, Status:Enable
Fortigate Newbie
I got it to work.
It does not like any form of wildcard for some reason for allow or exempt. Firmware 5.6.3
I had to use
fastpeoplesearch.com, simple, allow
www.fastpeoplesearch.com, simple, allow
*, wildcard, block
now the site will come up and all others are still blocked
two things:
1. you url filter will not work because you set the action to "allow". This means it will allow it but check all other rules coming after that too. And your blocking all rule is of course matching too. So set the action to "exempt" to have it stop once the rule matched and not hit the block all rule.
2. url filter on https site will only work if you enable ssl deep inspection because without that it cannot see the url. Certificate inspection will also only see what is in subject (alternate) name which is usually only the domain or subdomain name of the site.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.