After upgrading from FortiClient 7.0.10 to 7.2.3, I've noticed that the exclusion list in the Web Filter no longer works. No changes were made to the web filter policies, and the web browser plug-in is enabled in the policy and installed on the client. What gives? My clients are all configured to use the web filter plugin only when the endpoints are off-fabric.
For example, if I try to block Facebook, Twitter, or TikTok using a deny entry for each in the Web Filter Exclusion list, the sites do not get blocked on the client. I've tried all three exclusion types (Simple, Regular Expression, and Wildcard) and none of them block the sites any longer.
I've tried in both Edge and Chrome with the same results.
Downgrading back to 7.0.10 resolves the issue.
Anyone else experiencing this?
Your issue may look like the below bug that affects version 7.2.3.
962502 Web Filter does not respect exclusion list when imported from FortiGate with web category overrides.
I saw that too and should have mentioned that I'm not using an imported web profile. I double checked, and there are no imported profiles at all listed in EMS. Just to be safe I created an entirely new web profile in EMS to test just blocking Facebook and it just doesn't work in 7.2.X.
Not sure how I missed it earlier (unless it wasn't listed yet), but it appears to be the below bug that affects versions 7.2.1 - 7.2.3 in combination with the FortiClient Web Filter handling the Wildcard type expressions differently than the FortiGate and FortiClient versions before 7.2.1 do.
875298 | Exclusion list does not work properly with regular expressions. |
I had erroneously assumed that the FortiClient 7.2.3 web filter would process the filtering types the same way the FortiGate Web Filter does which is outlined here: https://community.fortinet.com/t5/FortiGate/Technical-Tip-URL-Filter-expressions-for-the-FortiGate/t...
Unfortunately, it seems as though the Wildcard filtering type does not behave the same way in the FortiClient 7.2.1+ web filter as it does in earlier versions of FortiClient (or as it does in a FortiGate web filter profile). I was finally able to block websites using FortiClient 7.2.3 by using the Wildcard type filter in the format of *Website.com; using *.Website.com would NOT block Website.com as was the previous behavior.
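An added illustration (not part of the original post, and not FortiClient's or FortiGate's own matcher) of how the two wildcard forms mentioned above differ under plain shell-style glob semantics, next to an anchored regular expression that covers a domain and its subdomains only. The domain example.com and the host list are constructed for the example.

```python
import fnmatch
import re

# Constructed sample hostnames; example.com stands in for the site to block.
HOSTS = ["example.com", "www.example.com", "cdn.img.example.com",
         "notexample.com", "example.com.evil.test"]

def glob_match(pattern, host):
    """Shell-style wildcard match against the whole hostname, case-insensitive."""
    return fnmatch.fnmatchcase(host.lower(), pattern.lower())

def domain_regex(domain):
    """Anchored regex: the domain itself or any subdomain of it, nothing else."""
    return re.compile(r"^(?:[a-z0-9-]+\.)*" + re.escape(domain.lower()) + r"$")

def coverage(domain):
    """Return {rule label: [hosts matched]} for the three candidate rules."""
    rx = domain_regex(domain)
    return {
        # Requires a literal dot before the domain, so the apex is missed.
        "*." + domain: [h for h in HOSTS if glob_match("*." + domain, h)],
        # Catches the apex, but also any other name ending in the same text.
        "*" + domain: [h for h in HOSTS if glob_match("*" + domain, h)],
        # Apex plus subdomains, without the look-alike suffix match.
        "regex": [h for h in HOSTS if rx.match(h.lower())],
    }

if __name__ == "__main__":
    for label, hits in coverage("example.com").items():
        print(f"{label:15} -> {hits}")
```

Running the same host list against a test policy on the client shows whether the deployed version follows these semantics or deviates from them.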
I lied, I'm back to square one. Has anyone figured out how to actually get the FortiClient web filter to actually block a website in 7.2.X? No matter what method I try, Simple, RegEx, or Wildcard, I cannot block a website.
Sometimes the first time I visit a site that should be blocked, it appears to work and even gets logged in FortiClient as blocked, but then after a couple of seconds (or if I refresh the page) it successfully opens the webpage.
How would you recommend blocking, for example, access to the entire domain of, let's say, cisco.com? I simply cannot get it to work reliably.
Just updated FortiClient to 7.2.5 and was pleasantly surprised to find that all of my web filter issues are now resolved. With the option "Wildcard Match Root Domain" enabled and in the Exclusion list setting Action: "Block", Type: "Simple", and URL as "whateverdomain.com" everything works perfectly now. It's odd because the release notes disclose the following as a new known issue:
1054211 | Web Filter exclusion list Action > Block does not work as expected. |
However, in my case it now works as expected for some reason, when it didn't in prior versions. So glad that is now working.
Use deep SSL inspection.
https://docs.fortinet.com/document/fortigate/7.6.0/best-practices/598577/ssl-tls-deep-inspection