Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Re: How to configure Static URLfilter in Fortigate...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to configure Static URLfilter in Fortigate 4.0 with FortiGuard license expired
Hi,
We are using Fortigate 200A with version 4.0 (MR2 Patch 2) and Fortiguard license expired.
Now, we are planning to block few websites to overcome Internet Bandwidth high utilization issue.
I have configured Webfilter under UTM services, but it does not work. I think its because of no FortiGuard active licence.
I heard that we can use Static Filter list here. Can someone guide me, how to use it, since I do not see static filter option in GUI mode. Or is there any other way to block websites without having Fortiguard active license.
Thanks and Regards
Naveen
Solved! Go to Solution.
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
2 Solutions
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The whole thing won't work without a license.
I have to disagree and what the op wants todo is to place static entries and NOT use fortiguard ( assumption ). This will work but is not reccommend by FTNT and could cause issues with blocking legit sites if done in-correctly.
You could define a filter to block wildcard and then add the sites that you want to allow or even the vice-versa block sites specific & then with a wildcard allowance. BTW I've done this in K-12 edu with site allowances.
Be very very very careful in your approach and method. BUT categorization and with a expired fortiguard license will most likely break all.
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
navin.cool wrote:Yes my license is active.you are referring static filtering as web filter, which is part of Fortiguard services.
So, in your case, do you have active fortiguard license ?
For me, this license expired already.
Inside webfilter below the categories you see the url filter option. And yes it's in web filter.
- « Previous
-
- 1
- 2
- Next »
17 REPLIES 17
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I can see "web filter" under UTM. But I think this is part of FortiGuard.
The doc which you suggested is referring to the same.
But I am looking for static Filtering. How to start with "Static Filter" configuration ?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
navin.cool wrote:I can see "web filter" under UTM. But I think this is part of FortiGuard.
The doc which you suggested is referring to the same.
But I am looking for static Filtering. How to start with "Static Filter" configuration ?
I really don't think there is any such feature, did you this in any docs or videos? Share that link, maybe we can figure something out then.
Even googling "fortigate static filter" brings up url filter in the results.
Also you should try their chat support.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ahhhh, then what you mean for below one of your reply.
----------------------------------------------------------------------------------------------------------------------
"With no license fortigate webfiltering will not work AT ALL. It will just block all legit traffic as well.
and on using static filtering i'm in the middle of doing this with fortinet TAC. HTTPs won't be blocked with this unless you install cert on clients with ssl inspection on."
----------------------------------------------------------------------------------------------------------------------
I too get the same result when I do googling :)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
navin.cool wrote:ahhhh, then what you mean for below one of your reply.
----------------------------------------------------------------------------------------------------------------------
"With no license fortigate webfiltering will not work AT ALL. It will just block all legit traffic as well.
and on using static filtering i'm in the middle of doing this with fortinet TAC. HTTPs won't be blocked with this unless you install cert on clients with ssl inspection on."
----------------------------------------------------------------------------------------------------------------------
I too get the same result when I do googling :)
i was referring to url filter as static filtering all along as i thought you were doing the same. My requirement was to block https without ssl inspection which is current on going. So static filtering is used there, but i doubt it can block https. So waiting for TAC's further response now.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you are referring static filtering as web filter, which is part of Fortiguard services.
So, in your case, do you have active fortiguard license ?
For me, this license expired already.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
navin.cool wrote:Yes my license is active.you are referring static filtering as web filter, which is part of Fortiguard services.
So, in your case, do you have active fortiguard license ?
For me, this license expired already.
Inside webfilter below the categories you see the url filter option. And yes it's in web filter.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok, its clear now.
So, in my case I can not do any filtering, until get the new fortiguard license.
Thanks guys, for your great knowledge sharing.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
emnoc wrote:Do you have Fortiguard service license and is it active? In that example you reference, I believe they are blocking by web category ( Social Networking ) and by extracting the CN field from the cert , so we can drop the session without ssl-deep-scan
e.g look at the receiving the cert in the server.hello
id-at-commonName=*.facebook.com
are you saying we ought to use this exact name as shown in the cert. In TAC's response he suggested *.facebook.*
Further in the doc on using url filter, they only ask you to use *facebook.com.
- « Previous
-
- 1
- 2
- Next »
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,738 -
FortiClient
1,775 -
5.2
801 -
FortiManager
736 -
5.4
639 -
FortiAnalyzer
562 -
FortiSwitch
476 -
FortiAP
474 -
FortiClient EMS
436 -
6.0
416 -
5.6
362 -
FortiMail
320 -
6.2
251 -
SSL-VPN
248 -
FortiAuthenticator v5.5
234 -
IPsec
212 -
FortiWeb
206 -
5.0
196 -
FortiNAC
190 -
FortiGuard
139 -
6.4
128 -
SD-WAN
117 -
FortiAuthenticator
105 -
FortiGateCloud
102 -
FortiSIEM
99 -
FortiCloud Products
97 -
FortiToken
92 -
Firewall policy
84 -
Customer Service
80 -
Wireless Controller
80 -
4.0MR3
64 -
FortiProxy
60 -
High Availability
56 -
FortiADC
54 -
Fortivoice
53 -
FortiEDR
52 -
vlan
52 -
ZTNA
49 -
Routing
47 -
FortiExtender
45 -
FortiSandbox
44 -
DNS
44 -
FortiDNS
42 -
LDAP
42 -
BGP
40 -
Authentication
39 -
FortiGate v5.4
35 -
SAML
35 -
NAT
35 -
Certificate
35 -
FortiSwitch v6.4
34 -
RADIUS
34 -
SSO
33 -
Interface
31 -
FortiConnect
30 -
VDOM
30 -
FortiLink
29 -
FortiWAN
27 -
Application control
27 -
Web profile
27 -
FortiConverter
25 -
Logging
25 -
Virtual IP
25 -
FortiGate v5.2
24 -
SSL SSH inspection
23 -
FortiPAM
22 -
Fortigate Cloud
20 -
FortiSwitch v6.2
19 -
FortiPortal
19 -
FortiGate-VM
18 -
FortiMonitor
18 -
Traffic shaping
17 -
SSID
16 -
WAN optimization
16 -
FortiDDoS
15 -
OSPF
15 -
Automation
15 -
FortiGate v5.0
14 -
FortiSoar
14 -
Static route
14 -
System settings
14 -
Web application firewall profile
14 -
IP address management - IPAM
14 -
SNMP
13 -
FortiCASB
12 -
Admin
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
Security profile
11 -
Proxy policy
11 -
FortiManager v4.0
10 -
FortiBridge
10 -
IPS signature
10 -
FortiAP profile
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
Traffic shaping policy
9 -
Intrusion prevention
9 -
FortiDeceptor
8 -
RMA Information and Announcements
8 -
Port policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
DNS filter
7 -
Antivirus profile
7 -
Fabric connector
7 -
Web rating
7 -
Fortinet Engage Partner Program
7 -
FortiToken Cloud
6 -
Explicit proxy
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
API
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
Authentication rule and scheme
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Protocol option
3 -
TACACS
3 -
SDN connector
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Schedule
2 -
Multicast policy
2 -
Zone
2 -
Vulnerability Management
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1732 | |
| 1106 | |
| 752 | |
| 447 | |
| 240 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.