Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
itnnetworks
New Contributor

Created on ‎05-12-2022 01:54 AM

Web Filter blocks IP

Hello, 

 

We have a fortigate 80F. There is a Firewall Policy, which has WebFilter enabled for traffic from LAN to Internet.

 

The problem is that we are trying to access a sftp with IP. I see in the logs that the IP is categorized as Unrated. 

I created a new Web Rating override and in the URL I've added the IP we are trying to access (The override is to use a different category to allow the access). Obviously the URL field is for URLs, so the IP is still been treated as unrated. To overcome this issue I have created a new Policy rule so the traffic for this specific IP is not using the WebFilter UTM.

Is there any way (except making the Unrated category allowed) to overcome this issue?

Labels:
8541
0 Kudos
1 Solution
seshuganesh
Staff
Staff

Created on ‎05-12-2022 02:24 AM

Hi Team,

 

Could you please try to exempt this ip address under web filter profile >> url filter, you can see the below screenshot for the reference:

seshuganesh_0-1652347470012.png

 

You have to keep action as exempt and enable it.

Please keep us posted

View solution in original post

8528
5 REPLIES 5
seshuganesh
Staff
Staff

Created on ‎05-12-2022 02:24 AM

Hi Team,

 

Could you please try to exempt this ip address under web filter profile >> url filter, you can see the below screenshot for the reference:

seshuganesh_0-1652347470012.png

 

You have to keep action as exempt and enable it.

Please keep us posted

8529
sw2090
SuperUser
SuperUser

Created on ‎05-12-2022 02:29 AM

yeah what seshuganesh says :)

Webfilter is made for FQDN not for ips. I also recommend using the url filter for that with an exempt rule like he described it.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
8494
vponmuniraj
Staff
Staff

Created on ‎05-12-2022 02:34 AM

Hi, 

 

Web filter works on HTTP / HTTPS ports. 

 

Can you paste the log as well as the firewall policy you are referring to? 

 

 

Regards,

Vignesh.

Vignesh
8494
sw2090
SuperUser
SuperUser

Created on ‎05-12-2022 07:06 AM

that too, vponmuniraj :)

Also it does not support wildcards while the url filter does.

And as said webflter is made for fqdns not ips.

Alas that is what TAC told me once :)

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
8478
0 Kudos
itnnetworks
New Contributor

Created on ‎05-20-2022 05:42 AM

Hi all, 

 

@seshuganesh solution is working. We can see now in logs that the traffic is marked as passthrough. Thank you all! 

8410
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.