Dear Fortinet Community.
First of all the infos:
Firewall model: Fortigate 100F
version: 7.4.5
We have a thing I cannot explain to myself. I think the behaviour to handle it like this is since we have updated from 7.4.4 to 7.4.5. But I am not sure.
We see a WebFilter violation when opening a http (not https) website. This website is in the category Phishing. We encountered it when installing a program that wants to download a executable file from this http source. Category Phishing is set to block in the WebFilter. Just to let you know. I made a ssl expection exception for the website. This helps to open the webpage when using SSL (https) but not without SSL, so http. The installer wants to reach the website by http.
Probably I am wrong now but in the past we have added websites to the static URL Filter in the webfilter settings in order to reach them and to override a category filter. I have understood the static web filter as something like an override for categories. So whatever I do all my Static URL filters I have added in the past lead to the result that I cannot open a webpage if it is in the category like Phishing although it is allowed in the static URL filter.
It looks like this when I open the http website:
Is there a way I do not know without making a Policy rule especially for this website without a webfilter so that I can reach the website and can download an executable file? Like I said. Important to know is that the installer wants to download the file via http not https. And important to know is that we use flow based...
Any help is very much appreciated.
With kindest regards
FortiLover
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
> although it is allowed in the static URL filter.
You need to set the static URL filter action to "exempt". "allow" does not override a block-result from FortiGuard categorization, only "exempt" does.
> although it is allowed in the static URL filter.
You need to set the static URL filter action to "exempt". "allow" does not override a block-result from FortiGuard categorization, only "exempt" does.
Created on 10-09-2024 07:07 AM Edited on 10-09-2024 07:08 AM
Thank you very much. This was very helpful and THE solution. For my case I have described before, we have initiated a recategorisation for the website and I need to say. This has been done within some minutes and worked perfectly as well. We have informed the manufacturer as well in order to let them know that their webspace has been categorised as Phishing and that they probably should check if something suspicious happened with their servers. All in all again thank you very much for the super fast help @pminarik. Awesome!!! Really awesome!
Happy to help!
You can enter the URL here - https://www.fortiguard.com/webfilter - to find out its categorization history. You can also use the same place to request a change in rating.
Wow. Thank you very much. This history page is very handy dandy!!! Thank you very much again. This is a nice information I was not aware of.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1702 | |
1092 | |
752 | |
446 | |
229 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.