My first post, so firstly.... Hi. I've read a lot on this forum but never actually created an account to post anything, now that i have, I'm sure this is going to be the first of many.
I'm creating a static URL whitelist with whole load of URLs. I'm trying to make sure I get the rules right first time as I've been given an output from another appliance that was doing their web filtering for them and don't want to have to go through it again. So i just wanted to know....
if i want to allow (everything is blocked by default) xxx.yyy.zzz.com/abc would a 'simple' rule with that exact URL suffice? Or should i do a 'wildcard' rule with xxx.yyy.zzz.com/abc*?
Is there a difference?
I've read the guide for 5.6(the version I'm on) but all of the examples do not include subdomains nor do they say much about the wildcard option.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hey mate,
I don't think you need to whitelist the "subdomains"
Let me say for example: You have fortinet.com and forum.fortinet.com, both are in a blacklist, if you whitelist fortinet.com any other blocking rule applied to this domain or "subdomains" would be overtaken.
Thats because a whitelist as higher priority over the blacklist.
Hey mate,
I don't think you need to whitelist the "subdomains"
Let me say for example: You have fortinet.com and forum.fortinet.com, both are in a blacklist, if you whitelist fortinet.com any other blocking rule applied to this domain or "subdomains" would be overtaken.
Thats because a whitelist as higher priority over the blacklist.
Donaire wrote:Thanks Donaire.Hey mate,
I don't think you need to whitelist the "subdomains"
Let me say for example: You have fortinet.com and forum.fortinet.com, both are in a blacklist, if you whitelist fortinet.com any other blocking rule applied to this domain or "subdomains" would be overtaken.
Thats because a whitelist as higher priority over the blacklist.
I guess my follow up question to that is...if i did want to be more specific and only allow forum.fortinet.com (and it's pages) but not the whole of fortinet then I'd do as mentioned and put an entry in for 'forum.fortinet.com'?
KiloBravo wrote:I am very sorry to appear late, as i have not been reading my email since then. How is this issue?Donaire wrote:Thanks Donaire.Hey mate,
I don't think you need to whitelist the "subdomains"
Let me say for example: You have fortinet.com and forum.fortinet.com, both are in a blacklist, if you whitelist fortinet.com any other blocking rule applied to this domain or "subdomains" would be overtaken.
Thats because a whitelist as higher priority over the blacklist.
I guess my follow up question to that is...if i did want to be more specific and only allow forum.fortinet.com (and it's pages) but not the whole of fortinet then I'd do as mentioned and put an entry in for 'forum.fortinet.com'?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.