We have requirement for website, want to allow only specific websites at fortigate firewall. but we don't any web filter license on the firewall.
I want to confirm if can we do it or not.
Hi, yes, you can, using static URLs filter list in the Web Filtering.
E.g. here I allow example.com and then block anything else:
Fortigate static URL filter
Then use this Static-filter profile in security rules for outgoing web traffic.
Yurihttps://yurisk.info/ blog: All things Fortinet, no ads.
You can use FQDN or wild card FQDN based policy. So where you can specify required website URL/FQDN address object and call that address object into firewall policy and action set to Accept.Refer below article for the same : https://docs.fortinet.com/document/fortigate/6.2.0/new-features/329154/support-for-wildcard-fqdn-add...
adding to above configuration suggestion, make sure that the client and the Fortigate resolves the fqdn to the same IP address.
you cannot use the url filter as suggested by Yuri unless you have a valid webfilter license.
But FQDN objects like suggested by Mayur will work.
Just create a policy that allows internet traffic only to this FQDN(s) and make sure anything else does not match any internet policy so it will be dropped by the implicit deny policy.
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.