How to configure Static URLfilter in Fortigate 4.0 with FortiGuard license expired
We are using Fortigate 200A with version 4.0 (MR2 Patch 2) and Fortiguard license expired.
Now, we are planning to block few websites to overcome Internet Bandwidth high utilization issue.
I have configured Webfilter under UTM services, but it does not work. I think its because of no FortiGuard active licence.
I heard that we can use Static Filter list here. Can someone guide me, how to use it, since I do not see static filter option in GUI mode. Or is there any other way to block websites without having Fortiguard active license.
I have to disagree and what the op wants todo is to place static entries and NOT use fortiguard ( assumption ). This will work but is not reccommend by FTNT and could cause issues with blocking legit sites if done in-correctly.
You could define a filter to block wildcard and then add the sites that you want to allow or even the vice-versa block sites specific & then with a wildcard allowance. BTW I've done this in K-12 edu with site allowances.
Be very very very careful in your approach and method. BUT categorization and with a expired fortiguard license will most likely break all.
i was referring to url filter as static filtering all along as i thought you were doing the same. My requirement was to block https without ssl inspection which is current on going. So static filtering is used there, but i doubt it can block https. So waiting for TAC's further response now.
Do you have Fortiguard service license and is it active? In that example you reference, I believe they are blocking by web category ( Social Networking ) and by extracting the CN field from the cert , so we can drop the session without ssl-deep-scan
e.g look at the receiving the cert in the server.hello
are you saying we ought to use this exact name as shown in the cert. In TAC's response he suggested *.facebook.*
Further in the doc on using url filter, they only ask you to use *facebook.com.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.