Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Umesh
Contributor

Created on ‎12-25-2022 10:53 PM

Only specific website || Fortigate Firewall ||

Hi ALL,

We have requirement for website, want to allow only specific websites at fortigate firewall. but we don't any web filter license on the firewall.

 

I want to confirm if can we do it or not.

Labels:
4994
0 Kudos
5 REPLIES 5
Yurisk
SuperUser
SuperUser

Created on ‎12-26-2022 01:11 AM

Hi, yes, you can, using static URLs filter list in the Web Filtering. 

E.g. here I allow example.com and then block anything else:

 

Fortigate static URL filterFortigate static URL filter

 

Then use this Static-filter profile in security rules for outgoing web traffic. 

Yuri Slobodyanyuk
Yuri Slobodyanyuk
4984
msanjaypadma
Staff
Staff

Created on ‎12-26-2022 03:30 AM

Hi Umesh,

 

You can use FQDN or  wild card FQDN  based policy. So where you can specify required website URL/FQDN address object and call that address object into firewall policy and action set to Accept.

Refer below article for the same : 
https://docs.fortinet.com/document/fortigate/6.2.0/new-features/329154/support-for-wildcard-fqdn-add...

 

Thanks,

Mayur Padma

 

Mayur Padma
4977
pbangari
Staff
Staff

Created on ‎12-27-2022 12:30 AM

adding to above configuration suggestion, make sure that the client and the Fortigate resolves the fqdn to the same IP address.

4951
sw2090
SuperUser
SuperUser

Created on ‎12-27-2022 04:51 AM

you cannot use the url filter as suggested by Yuri unless you have a valid webfilter license.

But FQDN objects like suggested by Mayur will work.

Just create a policy that allows internet traffic only to this FQDN(s) and make sure anything else does not match any internet policy so it will be dropped by the implicit deny policy.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
4941
limcypackaging
New Contributor

Created on ‎08-19-2024 08:14 AM

To block or allow access to specific websites on a FortiGate firewall, you can create custom firewall rules using Fully Qualified Domain Names (FQDNs) or wildcards. This method requires no additional licenses, unlike web filtering features, which typically need a valid subscription. Alternatively, you can block websites by their IP addresses, though this approach may be less reliable as IPs can change​.

i also face this prob on this website limcypackaging.com/

2104
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.