NSE4 trainee here. Just trying to understand the functional real-world difference between Allow and Exempt in the Web Filter. I understand that Allow continues through the remainder of the security profiles such as AV, IPS, FortiGuard web filtering, etc., whereas Exempt passes any further security inspection.
What I don't understand is a situation where Allow would actually do anything compared to Exempt. In my experience, when a client requests that a URL be whitelisted, the URL is already blocked by FortiGuard. When I select "Allow", it goes through normal "Web Filtering", which it passes due to the allow rule, but then is blocked by FortiGuard web filtering. When I select "Exempt", it passes through FortiGuard Web Filtering and any remaining security filters.
What is the use case for the "Allow" rule? When would the rule actually allow traffic? What else would be blocking the web traffic except for the FortiGuard web filter? Also, it's annoying that there's no in-between: either bypass nothing or bypass the FortiGuard web filter and every other security profile.
I'm sure that I'm missing something here, just looking to understand the answer.
Allow: Traffic is passed to remaining operations, including FortiGuard web filter, web content filter, web scripts filters and AV scanning. Exempt: Allow traffic from trusted sources to BYPASS all security inspections.
I've done that training and I was aware of the order of operations.
My question was relating to the allow rule's functionality. What is the use case for allow? When would "allow" actually allow something past the web filter without it then hitting the FortiGuard web filter and being blocked?