Policy based on specific URLs
Hello
I was wondering if I can create objects based on URL instead of IP address.
Yes. Select 'FQDN' (Fully Qualified Domain Name) from the drop-down box.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
I tried entering FQDN in different formats, still traffic is not going through that policy.
I tried http://www.google.com, www.google.com, google.com
I am having the same problem. I would like to add a policy based on a certain address, however none of the traffic ever goes thru that policy with the FQDN. I have moved it to the top of the policy list and I've tested it in many different ways, yet the traffic does not flow thru that policy like I have it set.
I am also wondering what I am doing wrong. Thanks
Robert
Hello
I found the root of my problem.
My Fortigate was pointing to my ISP DNS whereas my machine was pointing to the domain controller DNS.
Therefore both were resolving the FQDN to different IPs.
Change your Fortigate or machine DNS and make them identical. That should solve your issue.
FGT # diag test application dnsproxy ?
1. Clear dns cache
2. Show stats
3. Dump DNS setting
4. Reload FQDN
5. Requery FQDN
6. Dump FQDN
Compare it with your nslookup result from your machine.
Hi... thanks for the help! I checked my DNS settings on my Fortigate and they are the same as on my local machine, however, I'm still having trouble with the FQDN.
What I'm trying to do is Traffic Shape any traffic going to googlevideo.com - I've used the application sensors for YouTube, however, seems like we have lots of traffic every day to googlevideo that needs to be put into a lower priority, so I create a new policy and put in the destination as googlevideo.com (which I created as an FQDN in addresses) and put my traffic shaper on it, it still does not work... any hints and tips are much appreciated. THANK YOU
Robert
Hi,
Try to check whether the resolved FQDN addresses on the Fortigate and on the client machines (by nslookup) are the same:
diagnose firewall fqdn list
You can also try to clear the results with diagnose firewall fqdn flush and wait to see what new IP addresses are found.
They should be the same.
AtiT
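The comparison suggested in the replies above, as an added example that is not part of the original thread: it parses nslookup output saved from a client and diffs it against the addresses the Fortigate holds for the FQDN object. The function names, hostname and IP addresses are constructed for illustration, and the firewall-side addresses are assumed to have been copied by hand from the Fortigate's output.

```python
import ipaddress

def parse_nslookup(text):
    """Return the set of answer addresses from nslookup output (Windows or Unix layout)."""
    answers, in_answer = set(), False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.lower().startswith("name:"):
            in_answer = True   # lines before the first Name: describe the resolver itself
            continue
        if not in_answer or not stripped:
            continue
        # Drop an "Address:" / "Addresses:" label; bare continuation lines are kept whole.
        value = stripped.split(":", 1)[1] if stripped.lower().startswith("address") else stripped
        for token in value.split():
            try:
                answers.add(ipaddress.ip_address(token))
            except ValueError:
                pass           # aliases and other non-address text
    return answers

def compare(firewall_ips, client_nslookup):
    """Diff the firewall's resolved addresses against what the client resolves."""
    fw = {ipaddress.ip_address(a) for a in firewall_ips}
    client = parse_nslookup(client_nslookup)
    return {
        # Destinations a client may use that the FQDN object does not contain,
        # so traffic to them will not match the policy.
        "missed_by_policy": sorted(str(a) for a in client - fw),
        "only_on_firewall": sorted(str(a) for a in fw - client),
        "in_sync": fw == client,
    }

# Constructed sample: client nslookup against an internal DNS server.
CLIENT_OUTPUT = """Server:  dc01.corp.example
Address:  192.0.2.53

Non-authoritative answer:
Name:    video.example.com
Addresses:  203.0.113.10
          203.0.113.11
"""
# Constructed sample: addresses copied from the firewall, which uses a different DNS server.
FIREWALL_IPS = ["203.0.113.10", "198.51.100.20"]

if __name__ == "__main__":
    for key, value in compare(FIREWALL_IPS, CLIENT_OUTPUT).items():
        print(f"{key}: {value}")
```
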
Ok! Great. Flushing out the cache did do the trick. My next quick question is how do I get it to see the traffic going to a subdomain of googlevideo.com? I know writing it like this: *.googlevideo.com isn't working for me. Is there a way to even do that? To get all traffic going to "anything".googlevideo.com to go thru that policy.
Thanks so much for the help so far!
Robert
Hi,
I want to have the firewall synced with the DNS server. How can I forcefully try to get the IPs against DNS?
I did a dia firewall fqdn flush and now I cannot see any DNS entries on 'dia firewall fqdn list'.
Please help
Nihas
