itnnetworks
New Contributor

Web Filter blocks IP

Hello,

We have a FortiGate 80F. There is a Firewall Policy which has WebFilter enabled for traffic from LAN to Internet.

The problem is that we are trying to access an SFTP with IP. I see in the logs that the IP is categorized as Unrated.

I created a new Web Rating override and in the URL I've added the IP we are trying to access (the override is to use a different category to allow the access). Obviously the URL field is for URLs, so the IP is still being treated as unrated. To overcome this issue I have created a new Policy rule so the traffic for this specific IP is not using the WebFilter UTM.

Is there any way (except making the Unrated category allowed) to overcome this issue?

1 Solution
seshuganesh
Staff

Hi Team,

Could you please try to exempt this IP address under web filter profile >> URL filter? You can see the screenshot below for reference:

seshuganesh_0-1652347470012.png

You have to keep the action as exempt and enable it.

Please keep us posted.


5 REPLIES 5
sw2090
SuperUser

Yeah, what seshuganesh says :)

Webfilter is made for FQDNs, not for IPs. I also recommend using the URL filter for that, with an exempt rule like he described.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
vponmuniraj
Staff

Hi,

Web filter works on HTTP / HTTPS ports.

Can you paste the log as well as the firewall policy you are referring to?

Regards,

Vignesh.
sw2090
SuperUser

That too, vponmuniraj :)

Also, it does not support wildcards, while the URL filter does.

And as said, webfilter is made for FQDNs, not IPs.

Alas, that is what TAC told me once :)

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
itnnetworks
New Contributor

Hi all,

@seshuganesh's solution is working. We can now see in the logs that the traffic is marked as passthrough. Thank you all!
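
The URL filter exemption from the accepted answer, written as FortiOS CLI instead of the GUI steps. This is an added example, not part of the original thread; the table ID 10, the entry and profile names, and the documentation address 203.0.113.10 are assumptions to replace with your own values.

```fortios
# Added example. IDs, names and the address 203.0.113.10 are placeholders.
config webfilter urlfilter
    edit 10
        set name "sftp-host-exempt"
        config entries
            edit 1
                # Simple (literal) match on the destination IP
                set url "203.0.113.10"
                set type simple
                set action exempt
                # Optional: skip only the FortiGuard category lookup
                # instead of every inspection the exempt action covers
                set exempt fortiguard
                set status enable
            next
        end
    next
end

# Attach the URL filter table to the web filter profile
# used by the LAN-to-Internet firewall policy
config webfilter profile
    edit "lan-webfilter"
        config web
            set urlfilter-table 10
        end
    next
end
```

Scoping the entry to a single literal IP keeps the Unrated category blocked for everything else, and the web filter log should then show the traffic to that address as passthrough, as reported above.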
