Fortinet Community

7bits · ‎08-30-2011

Hi there I' ve a question. Is it possible with a fortinet 60c to make URL Filtering like ISA Server 2006 or TMG2010 to make only available: /owa /ActiveSync.... etc.?? If yes do i have to go under URL Filtering and add it like that -> https://exchangeserver/owa | https://exchangeserver/ActiveSync ??? Thanks for an advice! Greetings 7bits

ejhardin · ‎08-30-2011

Not possible with a fortigate... This is way I still have my ISA server.

lmuir · ‎08-30-2011

ORIGINAL: ejhardin Not possible with a fortigate... This is way I still have my ISA server.

Wait, why not? Couldn' t you SSL offload to the FGT, and use URL filtering?

ejhardin · ‎08-31-2011

Wait, why not? Couldn' t you SSL offload to the FGT, and use URL filtering?

Maybe... I don' t have a device that will do VIP SSL Offloading. 7bits stated that he has a 60c and I don' t believe that the 60c has the ability to VIP SSL Offload.

ekontos · ‎08-31-2020

Has anyone been able to resolve this issue or do we have to look at a different firewall product?

sw2090 · ‎09-07-2020

to be able to do url filtering with https you have to have ssl deep inspection enabled on the policy.

Then make one policy that hits trtaffic to the server and set an urlfilter that only allows those two paths.

Maybe it is a good idea to create those as wildcard rules. Set the action to exempt instead of allow.

Then create a third rule that blocks everything. This one must be the last rule.

--

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

Fortinet Community

Publishing OWA with URL Filtering