hi,
on FortiGate 60D, I want allow web filter from URL filter.
but I try for setting and is not working? is still blocking!
may know do have sample or how to solve it?
thanks.
Solved! Go to Solution.
Did you resolve this? I know it's a pretty stale thread, but maybe this will help you or the next person.
Static URL filter is slightly counter-intuitive and may not behave quite the way you expect. Please review documentation (for 5.4, see http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-security-profiles-54/Web_Filter/Stati...). Pay close attention to the notes for Allow action. Allow passes the request on to other proxy functions, such as AV and Web Filter, so if the URL is in a blocked category, it will still be blocked. The Exempt action bypasses other proxy functions, and while this does prevent web filter from being applied, it also prevents AV scanning. A better solution may be to use web rating override to re-categorize a URL pattern from it's default Fortiguard category to another Fortiguard category or a custom category, then set that category action to the desired action.
NEVER use the "allow" action. Our organization ALWAYS exempts URLs in the CLi with the following action: "set exempt dlp fortiguard".
example:
edit 0
set url "yahoo.com"
set exempt dlp fortiguard
next
@kelvinshee - This also applies to the FortiGuard WCF categories. One should never set the action of an permitted/allowed Web Content Filter category to "Allow". Any allowed categories should be set to "Monitor". Otherwise, traffic to any domain allowed by category is not logged by the Fortigate. Should a user become infected as a result of a site allowed by category, not logging the domain would make any post-mortem investigations extremely difficult.
I also tried to use exempt instead of allow but still the same nba.com and espn.com still blocked.
Yes! I think I find the solution after I do research I found the Web Rating Overrides. I do create new and add those websites which are blocked in fortiguard sports category and now nba.com and espn.com is working now. Thanks for your replies...
this is working in my case!
Step 1:
Just Enable URL Filter enter the website name and allow it
Step 2:
Bottom of URL filter tab you can see Content filter tab just enable it
Enter the website name with https: and wwww and choose wildcard and regular expression.
Then website will be allowed to acces.
Thanks
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.