Hello,
I've followed the cookbook instructions "Overriding a web filter profile" and the question that has come up is this. Can I add this to an existing IPv4 Policy? Meaning can I simply add the user group to the "source" fields instead of going on to step 4 etc.
Link: http://cookbook.fortinet.com/overriding-web-filter-profile/
I have a FG800C with 5.4.0GA
-Stephen
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Your link is for 5.2.x instead of 5.4.x, so this doesn't match exactly as it is handled a little differently.
I think the matching 5.4 documentation is in the "Using Alternate Profiles" section of the documentation from:
Or are you asking if you don't have to apply a web filter with overrides to an existing policy at all? If you can just create multiple security policies, matching different source subnets/groups/users, with the security policies having different web filter profiles assigned?
That is what I'm doing with 5.4.3 (with different subnets, though groups should work as well). On the more open web filter I just set the higher risk areas that were allowed to "Warning" so users had to choose to specifically override the filter for a certain length of time, rather than turning on the "Allow users to override blocked categories" for specific users.
Your link is for 5.2.x instead of 5.4.x, so this doesn't match exactly as it is handled a little differently.
I think the matching 5.4 documentation is in the "Using Alternate Profiles" section of the documentation from:
Or are you asking if you don't have to apply a web filter with overrides to an existing policy at all? If you can just create multiple security policies, matching different source subnets/groups/users, with the security policies having different web filter profiles assigned?
That is what I'm doing with 5.4.3 (with different subnets, though groups should work as well). On the more open web filter I just set the higher risk areas that were allowed to "Warning" so users had to choose to specifically override the filter for a certain length of time, rather than turning on the "Allow users to override blocked categories" for specific users.
Hello,
I'll dig through your info here, I believe what I'm trying to do is just add the override to an existing IPv4 Policy. The example I have is that some user's via LDAP can override but others can't. I wanted to add the override group to a policy that exists.
I think my real question is, does the "source" field in the IPv4 Policies act as an AND for multiple user's or groups? So if the Source field includes "all (0.0.0.0/0)" AND the override group will it only work for the users in the override group?
I hope that makes sense.
-Stephen
tanr wrote:Your link is for 5.2.x instead of 5.4.x, so this doesn't match exactly as it is handled a little differently.
I think the matching 5.4 documentation is in the "Using Alternate Profiles" section of the documentation from:
Or are you asking if you don't have to apply a web filter with overrides to an existing policy at all? If you can just create multiple security policies, matching different source subnets/groups/users, with the security policies having different web filter profiles assigned?
That is what I'm doing with 5.4.3 (with different subnets, though groups should work as well). On the more open web filter I just set the higher risk areas that were allowed to "Warning" so users had to choose to specifically override the filter for a certain length of time, rather than turning on the "Allow users to override blocked categories" for specific users.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1632 | |
1063 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.