Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Umesh
Contributor

Created on ‎12-25-2022 10:53 PM

Only specific website || Fortigate Firewall ||

Hi ALL,

We have requirement for website, want to allow only specific websites at fortigate firewall. but we don't any web filter license on the firewall.

 

I want to confirm if can we do it or not.

Labels:
4185
0 Kudos
5 REPLIES 5
Yurisk
SuperUser
SuperUser

Created on ‎12-26-2022 01:11 AM

Hi, yes, you can, using static URLs filter list in the Web Filtering. 

E.g. here I allow example.com and then block anything else:

 

Fortigate static URL filterFortigate static URL filter

 

Then use this Static-filter profile in security rules for outgoing web traffic. 

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
4175
msanjaypadma
Staff
Staff

Created on ‎12-26-2022 03:30 AM

Hi Umesh,

 

You can use FQDN or  wild card FQDN  based policy. So where you can specify required website URL/FQDN address object and call that address object into firewall policy and action set to Accept.

Refer below article for the same : 
https://docs.fortinet.com/document/fortigate/6.2.0/new-features/329154/support-for-wildcard-fqdn-add...

 

Thanks,

Mayur Padma

 

Mayur Padma
4168
pbangari
Staff
Staff

Created on ‎12-27-2022 12:30 AM

adding to above configuration suggestion, make sure that the client and the Fortigate resolves the fqdn to the same IP address.

4142
sw2090
SuperUser
SuperUser

Created on ‎12-27-2022 04:51 AM

you cannot use the url filter as suggested by Yuri unless you have a valid webfilter license.

But FQDN objects like suggested by Mayur will work.

Just create a policy that allows internet traffic only to this FQDN(s) and make sure anything else does not match any internet policy so it will be dropped by the implicit deny policy.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
4132
limcypackaging
New Contributor

Created on ‎08-19-2024 08:14 AM

To block or allow access to specific websites on a FortiGate firewall, you can create custom firewall rules using Fully Qualified Domain Names (FQDNs) or wildcards. This method requires no additional licenses, unlike web filtering features, which typically need a valid subscription. Alternatively, you can block websites by their IP addresses, though this approach may be less reliable as IPs can change​.

i also face this prob on this website limcypackaging.com/

1295
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.