Our network support vendor updated our Fortigate to a new firmware. After the update I' m having issues whitelisting sites. We are running: v5.0,build0228 (GA Patch 4)
Before the update we created categories for allowed sites staff or students. Now that category blocks sites. If I try to create a new filter manually with a site, it is still blocked.
I just submitted a ticket as well. I had created a simple whitelist for www.skype.com and set it to allow. I even added it to our custom categories override " allowed sites staff" , yet it is still blocked. The category comes up correctly when you try to go to the site.
I made some tests.
When I set URLfilter to www.skype.com, the ALLOW, MONITOR action will block it because the Category is set to block: Category: Internet Telephony
The reason is because the URL filter has actions:
Allow - Any attempt to access a URL that matches a URL pattern with an allow action is permitted. The traffic is passed to the remaining antivirus proxy operations, including FortiGuard Web Filter, web content filter, web script filters, and antivirus scanning.
Monitor - Traffic to, and reply traffic from, sites matching a URL pattern with a monitor be allowed through in the same way as the â€œAllowâ€ action. The difference with the Monitor action being that a log message will be generated each time a matching traffic session is established. The requests will also be subject to all other UTM inspections that would normally be applied to the traffic.
So it means, that you have to enable the www.skype.com by recategorizing the site into custom category - It worked for me.
The URL filter is usable only if you want to block some site or if you have trusted site you can enable it with Exempt action.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.