Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
pblazey
New Contributor

Created on ‎07-12-2023 04:42 PM Edited on ‎07-12-2023 04:42 PM

Web filter Allow vs Exempt

Hi team,

 

NSE4 trainee here. Just trying to understand the functional real world difference between Allow and Exempt in the Web Filter. I understand that Allow continues through the remainder of the security profiles such as AV, IPS, Fortiguard web filtering etc whereas Exempt passes any further security inspection. 

 

What I don't understand is a situation where allow would actually do anything compared to exempt. In my experience, when a client requests for a URL to be whitelisted, the URL is already blocked by Fortiguard. When I select "Allow", it goes through normal "Web Filtering", which it passes due to the allow rule, but then is blocked by Fortiguard web filtering. When I select "Exempt", it passes through Fortiguard Web Filtering and any remaining security filters.

 

What is the use case for the "Allow" rule? When would the rule actually allow traffic? What else would be blocking the web traffic except for the Fortiguard web filter? Also, it's annoying that there's no inbetween - either bypass nothing or bypass Fortiguard web filter and every other security profile.

 

I'm sure that I'm missing something here, just looking to understand the answer

Labels:
3380
0 Kudos
4 REPLIES 4
jdelafuente_FTNT
Staff
Staff

Created on ‎07-12-2023 07:12 PM

Allow: Traffic is oassed to remaining operations, includin FortiGuard web filter, web content filter, web scripts filters and av scanning.
Exempt: Allow traffic from tusted sources to BYPASS all security inspections

More info: 
https://training.fortinet.com/ NSE4-Security Lesson 29.

Jonathan De La Fuente | LATAM TAC Engineer
3362
0 Kudos
pblazey
New Contributor

Created on ‎07-12-2023 07:15 PM

Hi Jonathan,

 

I've done that training and I was aware of the order of operations.

 

My question was relating to the allow rule's functionality. What is the use case for allow? When would "allow" actually allow something past the web filter without it then hitting the fortiguard web filter and being blocked?

3354
0 Kudos
jdelafuente_FTNT
Staff
Staff
In response to pblazey

Created on ‎07-12-2023 07:25 PM

Check this out:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Difference-between-action-Allow-and-Exempt...

 

Best regards

Jonathan De La Fuente | LATAM TAC Engineer
3346
0 Kudos
jdelafuente_FTNT
Staff
Staff

Created on ‎07-12-2023 07:30 PM

More here:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Details-about-quot-pass-quot-and-quot-exem...

Jonathan De La Fuente | LATAM TAC Engineer
3344
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.