Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Umesh
New Contributor III

Only specific website || Fortigate Firewall ||

Hi ALL,

We have requirement for website, want to allow only specific websites at fortigate firewall. but we don't any web filter license on the firewall.

 

I want to confirm if can we do it or not.

4 REPLIES 4
Yurisk
Valued Contributor

Hi, yes, you can, using static URLs filter list in the Web Filtering. 

E.g. here I allow example.com and then block anything else:

 

Fortigate static URL filterFortigate static URL filter

 

Then use this Static-filter profile in security rules for outgoing web traffic. 

Yuri
https://yurisk.info/ blog: All things Fortinet, no ads.


All opinions are mine only.
msanjaypadma
Staff
Staff

Hi Umesh,

 

You can use FQDN or  wild card FQDN  based policy. So where you can specify required website URL/FQDN address object and call that address object into firewall policy and action set to Accept.

Refer below article for the same : 
https://docs.fortinet.com/document/fortigate/6.2.0/new-features/329154/support-for-wildcard-fqdn-add...

 

Thanks,

Mayur Padma

 

Mayur Padma
pbangari
Staff
Staff

adding to above configuration suggestion, make sure that the client and the Fortigate resolves the fqdn to the same IP address.

sw2090
Honored Contributor

you cannot use the url filter as suggested by Yuri unless you have a valid webfilter license.

But FQDN objects like suggested by Mayur will work.

Just create a policy that allows internet traffic only to this FQDN(s) and make sure anything else does not match any internet policy so it will be dropped by the implicit deny policy.


-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams