What is the difference? Any pro's con's to one or the other?
Why would you need DNS filtering if you're already doing web filtering?
If you do not use the FortiGate as a DNS server does DNS filter do anything?
Solved! Go to Solution.
Here a practical example :
In my company, I can't use the dns filtering because of its requirement to use the fortiguard dns servers. We can't use external dns server.
with dns filtering you can't block access based on url. You blocked based on dns name resolution (ip address).
Let say for example, you want to block seattle.org/ordering but allow seattle.org/pictures. Because both url resolve to the same ip address will not obtain the desired result with dns filtering. It will block access to seattle.org as a whole.
web filtering filters based on url and because you will be able to block seattle.org/ordering but allow seattle.org/pictures.
Ask yourself this question, what will happen if fortigate can't connect to FORTIGUARD DNS servers in the middle of the night?
What will happen to your policy rules? Does it go to allow or deny everything?
Hi everyone,
Old post but I am wondering the same. If I understand well, Web filter gives you more control over the things you can allow or block, in addition you don't need to use the FortiGuard DNS servers, so you don't have this limitation. Then, my question is, why do you need DNS filter if you can do the same or better with Web filter? Any example?
Regards,
Julián
I've been tasked with implementing a solution for web filtering and web usage reporting and so I thought I'd look at something like OpenDNS Umbrella to throw in that DNS layer protection as well. I've done the demo, I've read the spec sheets, and I'm fairly satisfied with the results, especially given as our company is only 300 users dense. Price is ok.......My question is: Is there a better (and easy to implement/manage) solution for web filtering/usage reporting out there (besides Websense -- been there done that) that may or may not also cover DNS layer protection?
Talking about the DNSFilter, are there separate logs to show it working? Or are logged with the webfilter logs ?
DNS Filter Concepts:
[ul]Web Filter Concepts:
[ul]I have been using FGT2000 in my environment in explicit proxy mode. And I am unable to block malicious dns request. Is there any possibility that I can able to block and restrict malicious dns traffic on my firewall.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1739 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.