I created a web filter named Block_Social_Media and applied it to all users in Vlan4, but I want to whitelist a few IP addresses in this Vlan4 so they can access social media. How do I configure that in FortiGate?
Hi @khemlina
You can create one more policy on top of this to allow those users and not block social media (create another custom web filter) in the UTM profile.
Regards,
Hi khemlina,
As you have configured the firewall policy with a web filter profile to block social media for the VLAN subnet, you can create one more policy for the specific IPs that you want to allow social media access. You need to keep this policy above the existing one, as the policies are checked from top to bottom and the policy lookup stops at the first match.
Below is the KB article, which will be useful for understanding how you can create the web filter profile to allow or block specific URLs.
Regards,
Pratik
You can create a new policy and, in the source, allow the few IP addresses of this Vlan4 to access social media, and keep that policy on top of or above the Block_Social_Media policy.
As mentioned by @pjawalekar, the policies are checked from top to bottom and the policy lookup stops at the first match.
Hi @VinayHM
I'm not sure I understand well, so:
1- Create another web filter (e.g. No_Block_Social_Media)
2- Create a source address (the IP addresses that we allow to access social media)
3- Create a policy
Please help by adding more details for this.
Thanks
Hi @khemlina
Yes, create a new web filter and make sure social media is allowed.
Create another policy (on top of the one where Vlan 4 users are blocked from social media). In this policy, call the newly created web filter.
And finally, call the user group or address object in the source address.
Regards,
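The three steps above as a FortiOS CLI sketch. This is an added example, not part of the original replies: the address names, IP addresses, interface names (`Vlan4`, `wan1`) and policy IDs are assumptions, and the `No_Block_Social_Media` web filter profile is assumed to already exist with social media allowed.

```fortios
# Added example. All names, IPs, interfaces and policy IDs are placeholders.

# Step 2: address objects for the whitelisted Vlan4 hosts, grouped for reuse
config firewall address
    edit "Vlan4_SM_Host1"
        set subnet 192.168.4.10 255.255.255.255
    next
    edit "Vlan4_SM_Host2"
        set subnet 192.168.4.11 255.255.255.255
    next
end
config firewall addrgrp
    edit "Vlan4_SM_Allowed"
        set member "Vlan4_SM_Host1" "Vlan4_SM_Host2"
    next
end

# Step 3: policy for the whitelisted hosts, using the permissive web filter
# profile from step 1 ("edit 0" creates the policy with the next free ID)
config firewall policy
    edit 0
        set name "Vlan4_Allow_Social_Media"
        set srcintf "Vlan4"
        set dstintf "wan1"
        set srcaddr "Vlan4_SM_Allowed"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set webfilter-profile "No_Block_Social_Media"
        set ssl-ssh-profile "certificate-inspection"
        set logtraffic all
        set nat enable
    next
end

# Ordering: lookup stops at the first match, so the whitelist policy must sit
# above the Block_Social_Media policy. Assume the new policy got ID 11 and the
# existing blocking policy is ID 10.
config firewall policy
    move 11 before 10
end
```

Keeping a web filter profile and logging on the whitelist policy means the exempted hosts are still inspected and visible in the logs; only the social media block differs from the Vlan4-wide policy.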
The newly created policy has specific IP addresses instead of all in the destination address; the web filter can be disabled because this policy only allows connections to the specified IP addresses.
Regards,
Dongfang
Hello all
Thanks for your guidance. Now it's working.