Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
right..
Just checked with wildcard option and *.ru/ and it works.
I'm on 6.0.3..
Site that you mentioned works "www.rum.se" and went trough list here on few and all blocked.
try..
I'm pretty sure this is an intended design - I know it was/is pointed out in the old 4.0.x documentation, that the fgt will insert a \ prefix in url expression before a \ character - you just don't see it in the GUI. Perhaps your issue is elsewhere - can you provide more info?
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
I have two fortigate, one running 5.4.8 and one running 5.6.4.
The first one (FortiOS 5.4.8) have a VDOM in proxy mode and I use the IPv4 Policy to apply a Webfilter + static URL filter to the traffic. The URL filter have a policy \.ru\b Block Enable and it works as intended blocking the top domain ru.
The second one (FortiOS 5.6.4) have no VDOMs, runs in proxy mode and I use the Explicit Proxy Policy to apply a Webfilter + static URL. The URL filter have a policy \.ru\b Block Enable and it does not work, I have tested many different regexp patterns. The interesting thing though is that using exactly the same regexp as above gives a different result e.g. no match for www.google.ru .and other .ru sites
If explicit proxy is setup on the second fgt, are you sure it is working properly? Have you forced (manual set a proxy server setting) on a client browser?
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Yes, everything works correctly; AV, Webfilter, App-filter, Deep SSL-inspection - no problems.
I use PAC file and have no problem what so ever with that. Forced proxy setting make no difference.
So the logical conclusion is that handling of regular expressions must have changed. I can test the two systems side by side and get different results from the same URL filter regexp.
Hi,
I know it's a long shot but can you try only with .ru
so create new url filter and set to regex + block and enter only .ru and try.
That regexp surely blocks all .ru sites, but it also blocks
sites like www.rum.se and I dont want that.
right..
Just checked with wildcard option and *.ru/ and it works.
I'm on 6.0.3..
Site that you mentioned works "www.rum.se" and went trough list here on few and all blocked.
try..
Thanks, the wildcard option solves this particular use case.
I am still curious as to why the very same regexp gives different result in the two Fortigates though.
I have opened a TAC-case with this question.
Hi figge,
glad that this helps..
Do you have same fw version on both?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1558 | |
1033 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.