- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Only specific website || Fortigate Firewall ||
Hi ALL,
We have requirement for website, want to allow only specific websites at fortigate firewall. but we don't any web filter license on the firewall.
I want to confirm if can we do it or not.
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, yes, you can, using static URLs filter list in the Web Filtering.
E.g. here I allow example.com and then block anything else:
Fortigate static URL filter
Then use this Static-filter profile in security rules for outgoing web traffic.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Umesh,
You can use FQDN or wild card FQDN based policy. So where you can specify required website URL/FQDN address object and call that address object into firewall policy and action set to Accept.
Refer below article for the same :
https://docs.fortinet.com/document/fortigate/6.2.0/new-features/329154/support-for-wildcard-fqdn-add...
Thanks,
Mayur Padma
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
adding to above configuration suggestion, make sure that the client and the Fortigate resolves the fqdn to the same IP address.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you cannot use the url filter as suggested by Yuri unless you have a valid webfilter license.
But FQDN objects like suggested by Mayur will work.
Just create a policy that allows internet traffic only to this FQDN(s) and make sure anything else does not match any internet policy so it will be dropped by the implicit deny policy.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To block or allow access to specific websites on a FortiGate firewall, you can create custom firewall rules using Fully Qualified Domain Names (FQDNs) or wildcards. This method requires no additional licenses, unlike web filtering features, which typically need a valid subscription. Alternatively, you can block websites by their IP addresses, though this approach may be less reliable as IPs can change​.
i also face this prob on this website limcypackaging.com/
