Fortinet Community

Umesh · ‎12-25-2022

Hi ALL,

We have requirement for website, want to allow only specific websites at fortigate firewall. but we don't any web filter license on the firewall.

I want to confirm if can we do it or not.

Yurisk · ‎12-26-2022

Hi, yes, you can, using static URLs filter list in the Web Filtering.

E.g. here I allow example.com and then block anything else:

Fortigate static URL filter

Then use this Static-filter profile in security rules for outgoing web traffic.

Yuri
https://yurisk.info/ blog: All things Fortinet, no ads.

All opinions are mine only.

msanjaypadma · ‎12-26-2022

Hi Umesh,

You can use FQDN or wild card FQDN based policy. So where you can specify required website URL/FQDN address object and call that address object into firewall policy and action set to Accept.

Refer below article for the same :
https://docs.fortinet.com/document/fortigate/6.2.0/new-features/329154/support-for-wildcard-fqdn-add...

Thanks,

Mayur Padma

pbangari · ‎12-27-2022

adding to above configuration suggestion, make sure that the client and the Fortigate resolves the fqdn to the same IP address.

sw2090 · ‎12-27-2022

you cannot use the url filter as suggested by Yuri unless you have a valid webfilter license.

But FQDN objects like suggested by Mayur will work.

Just create a policy that allows internet traffic only to this FQDN(s) and make sure anything else does not match any internet policy so it will be dropped by the implicit deny policy.

--

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

Fortinet Community

Only specific website || Fortigate Firewall ||