emoralesa
New Contributor

Website blocking

Hello everyone 

 

I hope you can support me: I added a page in the web filter menu, in the Static URL Filter > Enable URL Filter section, but people can still see the web page. What should I do so that they really do not have access to that site? The appliance that I have is a Fortigate 60D.

 

Thank you very much for your support

1 Solution
Toshi_Esumi
Esteemed Contributor III

You just need to apply "default" Web Filter profile, which you just modified, to the outgoing FW policy.

emoralesa

Everything worked correctly. I appreciate your support very much 

upgradeyard
New Contributor

To prevent access to a specific website using the Fortigate 60D appliance and its web filter feature, you can follow these steps:

  1. Log in to the Fortigate 60D appliance's web-based management interface.
  2. Navigate to the "Security Profiles" menu and select "Web Filter".
  3. In the "Web Filter" page, click on the "Static URL Filter" tab.
  4. Under the "Enable URL Filter" section, click on the "Create New" button to add a new URL filter rule.
  5. In the "URL Filter Name" field, give a descriptive name to the rule (e.g., Block Website X).
  6. In the "Pattern" field, enter the URL or domain of the website you want to block.
  7. In the "Action" field, select "Block" to deny access to the specified URL.
  8. Adjust other settings as needed (e.g., select the appropriate profile, enable logging).
  9. Click "OK" to save the URL filter rule.
  10. Make sure the web filter profile is applied to the relevant policy or interface to enforce the blocking.

After these steps, when users try to access the specified website, they should receive a block page indicating that the site is not accessible.

Keep in mind that for the web filter to work correctly, you need to ensure that the Fortigate 60D is properly configured with the necessary network and security policies, and that traffic is passing through the appliance as intended.

It's also worth noting that web filtering can be bypassed by various means, such as using VPNs or proxy servers. Therefore, it's important to regularly review and update your web filter rules to adapt to new websites or methods that may be used to bypass restrictions.

 

for more information check this: yardgearsguide.com

narsiisfahani
New Contributor

I'd be happy to help you with your Fortigate 60D configuration! If you've added a page to the web filter menu but people can still access it, there may be some misconfiguration or additional steps required. Here are some troubleshooting steps to ensure that the web page is blocked correctly:

  1. Double-check the Web Filter Profile: Ensure that the web filter profile you created is applied to the correct security policy that controls the traffic. If the profile is not correctly associated with the security policy, the filtering rules won't take effect.

  2. Verify the URL Filter List: In the web filter profile, check the "Static URL Filter" section to make sure the page's URL is correctly added to the blocked list. Verify that the URL you added matches the one you want to block and that there are no typos or errors in the URL.

  3. Confirm Policy Order: Make sure the policy that applies the web filter profile is evaluated before any policies that allow access. Fortigate policies are evaluated from top to bottom, and the first matching policy will be applied. If there's a policy allowing access to the website like https://10thclassresult.site/ above the filtering policy, it will take precedence.

  4. Test from Different IP: Sometimes, the Fortigate firewall may have cached DNS results. To ensure the filtering is working correctly, try accessing the website from a different device or IP address that hasn't accessed the site before.

  5. Clear DNS Cache: If the Fortigate device is responsible for DNS resolution, you may need to clear the DNS cache to ensure it recognizes the updated filtering rules.

jackys
New Contributor

Here's a step-by-step guide to help you resolve the issue:

  1. Double-check the URL filter configuration:
     a. Log in to your Fortigate 60D appliance.
     b. Navigate to the web filter menu and select "Static URL Filter" or "URL Filter" (depending on your firmware version).
     c. Make sure you have correctly added the URL or domain name of the webpage you want to block.

  2. Verify the policy order:
     a. Check the security policy order to ensure the web filter policy is placed above any other policies that might allow access to the webpage.
     b. Fortigate evaluates policies from top to bottom, and the first matching policy is applied. If a less restrictive policy (e.g., a general allow policy) is matched before the URL filter policy, it could still allow access to the blocked webpage.

  3. Check the policy action:
     a. Ensure that the action associated with the web filter policy is set to "Deny" or "Block."
     b. If the action is set to "Warning" or "Monitor," users might receive a warning or the webpage access will be logged, but they can still access the website.

  4. Verify user groups and IPs:
     a. Ensure that the web filter policy is correctly applied to the relevant user groups or IP addresses.
     b. If the policy is not targeting the correct users or devices, it won't block the webpage for those users.

  5. Refresh the web filter:
     a. After making any changes to the policies or configurations, refresh or apply the changes in the Fortigate management interface.

  6. Clear the DNS cache on client devices:
     a. Sometimes, client devices store DNS cache, which may temporarily allow access to websites even after blocking. Clear the DNS cache on the client devices or wait for the cache to expire.

  7. Test from a different network:
     a. To ensure the blocking is not specific to the network, test accessing the webpage from a different network or device.
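
The accepted answer's point, that a static URL filter only takes effect once its Web Filter profile is applied to the outgoing firewall policy, can be checked offline against a configuration backup. The script below is an added example, not part of any post in this thread and not Fortinet code; the function names, policy names and sample config are constructed, and it assumes the CLI layout `config webfilter profile` / `config firewall policy` with `utm-status` gating security profiles on a policy.

```python
import shlex

def parse(text):
    # Nest FortiOS-style "config / edit / set / next / end" lines into dicts.
    root = {}
    stack = [root]
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:1] == ["set"]:
            stack[-1][tok[1]] = " ".join(tok[2:])
        elif tok[:1] in (["config"], ["edit"]):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[:1] in (["next"], ["end"]):
            stack.pop()
    return root

def unfiltered_policies(cfg):
    # Accept policies that enforce no profile linked to a static URL filter table.
    profiles = cfg.get("webfilter profile", {})
    found = []
    for pid, pol in cfg.get("firewall policy", {}).items():
        prof = profiles.get(pol.get("webfilter-profile", ""), {})
        linked = "urlfilter-table" in prof.get("web", {})
        enforced = pol.get("utm-status") == "enable" and linked
        if pol.get("action") == "accept" and not enforced:
            found.append(pol.get("name", pid))
    return found

# Constructed sample: policy 1 reproduces the thread's problem (profile not applied).
SAMPLE = '''config webfilter profile
    edit "default"
        config web
            set urlfilter-table 1
        end
    next
end
config firewall policy
    edit 1
        set name "lan-to-wan"
        set action accept
    next
    edit 2
        set name "guest-to-wan"
        set action accept
        set utm-status enable
        set webfilter-profile "default"
    next
end'''
print(unfiltered_policies(parse(SAMPLE)))
```

Any policy name the script returns is one where traffic is accepted without the URL filter being evaluated, which matches the symptom in the original question.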
