Hi ALL,
We have requirement for website, want to allow only specific websites at fortigate firewall. but we don't any web filter license on the firewall.
I want to confirm if can we do it or not.
Hi, yes, you can, using static URLs filter list in the Web Filtering.
E.g. here I allow example.com and then block anything else:
Then use this Static-filter profile in security rules for outgoing web traffic.
Hi Umesh,
You can use FQDN or wild card FQDN based policy. So where you can specify required website URL/FQDN address object and call that address object into firewall policy and action set to Accept.
Refer below article for the same :
https://docs.fortinet.com/document/fortigate/6.2.0/new-features/329154/support-for-wildcard-fqdn-add...
Thanks,
Mayur Padma
adding to above configuration suggestion, make sure that the client and the Fortigate resolves the fqdn to the same IP address.
you cannot use the url filter as suggested by Yuri unless you have a valid webfilter license.
But FQDN objects like suggested by Mayur will work.
Just create a policy that allows internet traffic only to this FQDN(s) and make sure anything else does not match any internet policy so it will be dropped by the implicit deny policy.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
If you're looking to restrict access to specific websites on a FortiGate firewall without a web filter license, you might have limited options since web filtering functionality is typically associated with such licenses. Check here in the below;
DNS Filtering: You could create DNS policies that resolve specific domain names to an invalid or non-existent IP address. This can effectively block access to those websites, but it's not foolproof since users could potentially change their DNS settings.
IP Address Blocking: If you know the IP addresses of the websites you want to block, you could create firewall policies to deny traffic to those specific IPs. This might be effective, but IP addresses can change and websites can have multiple IP addresses.
Custom Firewall Rules: You can create custom firewall rules to block traffic to specific ports or IP ranges associated with the websites you want to restrict. This is a manual process and may not be as accurate as using a web filter.
Hosts File Modification: On individual devices, you could modify the hosts file to redirect specific domain names to a non-existent IP address. This would block access to those domains on that particular device.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.