Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
tasneem
New Contributor

Created on ‎08-20-2018 04:15 AM

WEB FILTER- STATIC URL FILTERING

Hi All,

I have a web filter called (LAN USERS- New policy) .

*) In which in General category i have blocked job search .

*) but i want to allow only www.glassdoor.com and www.glassdoor.in which falls under job search category .

*) I went and allowed it in the STATIC URL FILTER of (LAN USERS- New policy).

 

But still i am not able to open www.glassdoor.com or www.glassdoor.in

Attached Screen shot the kind reference .

 

Regards

Tasneem Ahmed 

Preview file
192 KB
Labels:
19526
0 Kudos
16 REPLIES 16
robdog
New Contributor II

Created on ‎08-20-2018 04:42 AM

Does setting the option to exempt work rather than allow?

4542
0 Kudos
tasneem
New Contributor
In response to robdog

Created on ‎08-20-2018 05:27 AM

Hi Rob Dog

 

Thanks for the solution 

 

I changed it to exempt from allow . It worked for me and the site www.glassdoor.com is working now .

 

Regards

Tasneem Ahmed 

 

4542
0 Kudos
emnoc
Esteemed Contributor III
In response to robdog

Created on ‎08-20-2018 06:10 AM

Try this, sit the filter as ;  www.glassdoor.com

does that work?

 

Also try  glassdoor.com  again does that work?

 

IIRC you do not need the * in the site URL

 

Ken

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
4541
0 Kudos
sw2090
Honored Contributor
In response to robdog

Created on ‎08-20-2018 07:02 AM

Yes exempt instead of allow might do the trick. 

This is because a simple "allow" does not stop the filter. So if static url filter goes before category-filter an allow entry will thus be blocked if the cathegoriy is blocked. I gues this is what happens here.

 

IF you set it to exempt (which implies allow) the Filter will stop there and will not apply further filters to this.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
4541
0 Kudos
emnoc
Esteemed Contributor III
In response to sw2090

Created on ‎08-20-2018 08:16 AM

Make sure  understand exempt and what your exemption are  before you enable it.

 

http://kb.fortinet.com/kb/viewContent.do?externalId=FD35069

 

Ken

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
4541
0 Kudos
robdog
New Contributor II
In response to sw2090

Created on ‎08-20-2018 08:23 AM

I agree with emnoc, although exempt is a "quick fix" it should be used sparingly

 

Ideally should try to find why the allow is not matching the provided string by looking into any subsequent security polices

4541
0 Kudos
Toshi_Esumi
SuperUser
SuperUser

Created on ‎08-20-2018 08:27 AM

You can also try defining a local category, which I would name it "whitelist", then put those URL in and allow them. It would override the pre-defined categories so they wouldn't affect.

4541
0 Kudos
Robbo009
New Contributor
In response to Toshi_Esumi

Created on ‎11-11-2019 08:25 AM

I have the same problems but in my case I have to use wildcard domains. It won't let me create local categories with wildcards. The only way I can see if block the category in web filter and create a static url. But then allow does not work you need to use exempt which as noted above is "dangerous". Whats the best way to block everything from LAN to internet but allow certain web services like Adobe Creative cloud and office 365 etc. 

Thanks,

Rob

4541
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to Robbo009

Created on ‎11-11-2019 08:35 AM

Try "Internet Service" in the policy to allow like "Adobe-Adobe.Cloud", "Microsoft-Office365".
4541
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.