Can you please help me to understand how the custom URL works in fortigate?
I have a scenario like below , please help.
1. https://prod.company.com/sitea --- Allow ( IP 188.8.131.52)
2. http://dev.company.com:9898/sitea -- Allow
( Only these 2 above sites needs to be allowed from the highly protected network)
Rest all including ,
3. https://prod.company.com ( IP 184.108.40.206)
6. "*.company.com" should be blocked at our end. But the challenge here is both allow and deny URL's having same IP. In such scenario how does a brilliant Fortigate take a decision?
1. Basically how does a fortigate determines a http & https traffic belongs to a particular category / URL filter?
1.a - Which field of packets does it inspect to get the details ( CN / SNI / ?? )
2. How can I create a URL filtering profile for the above scenario? Will the below work?
https://prod.company.com/sitea -- simple - allow
http://dev.company.com:9898/sitea --- simple --allow
*.* -- wildcard -- Block
Thank You in advance.. :)
1. Does Fortigate send the request to Fortigurad service for each http & https request?
2. Which part of packet does it consider for the inspection ? CN or http header or SNI or IP ?
3. How does it take a decision if both allow & deny URL's are configured in a same IP?
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.