khemlina
New Contributor II

Whitelist specific user IP address from block all users web filtering in FortiGate 100F

I created a web filter named Block_Social_Media and applied it to all users in Vlan4, but I want to whitelist a few IP addresses of this Vlan4 to access social media. How do I configure that in FortiGate?

VinayHM
Staff

Hi @khemlina

You can create one more policy on top of this to allow those users and not block social media (create another custom web filter) in the UTM profile.

Regards,

Vinay HM

khemlina
New Contributor II

Hi @VinayHM
I'm not sure I understand well, so:
1- Create another web filter (e.g. No_Block_Social_Media)
2- Create a source address (the IP addresses that we allow to access social media)
3- Create a policy

Please help by adding more details for this.
Thanks

VinayHM

Hi @khemlina

Yes, create a new web filter and make sure social media is allowed.

Create another policy (on top of where VLAN 4 users are blocked from social media). In this policy, call the newly created web filter.

And finally, call the user group or address object in the source address.

Regards,

Vinay HM

pjawalekar
Staff

Hi khemlina,

As you have configured the firewall policy with a web filter profile to block social media for the VLAN subnet, you can create one more policy for the specific IPs which you want to allow social media access. You need to keep this policy above the existing one, as the policies are checked from top to bottom and the policy lookup stops at the first match.

Below is the KB article, which will be useful to understand how you can create the web filter profile to allow or block specific URLs:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-a-static-URL-filter-feature-to-allow...

Regards,
Pratik

Rajneesh
Staff

You can create a new policy and, in the source, allow the few IP addresses of this Vlan4 to access social media, and keep that policy on top of or above Block_Social_Media.
As mentioned by @pjawalekar, the policies are checked from top to bottom and the policy lookup stops at the first match.

khemlina
New Contributor II

Hello all,
Thanks for your guidance. Now it's working.
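
The three steps discussed in this thread (new web filter, source address objects, exception policy placed above the block policy), sketched as FortiOS CLI. This is an added example, not configuration posted by any participant; the interface names, IP addresses, address object names, FortiGuard category ID and policy IDs are assumed placeholders.

```fortios
# Constructed values: VLAN4/wan1 interfaces, hosts 10.0.4.10-11, policy IDs 10 (block) and 20 (new).

# 1. Web filter profile in which social media is not blocked
config webfilter profile
    edit "No_Block_Social_Media"
        config ftgd-wf
            config filters
                edit 1
                    # 37: assumed FortiGuard ID for Social Networking (verify); monitor = allow and log
                    set category 37
                    set action monitor
                next
            end
        end
    next
end

# 2. Address objects for the exempted hosts, grouped for use as the policy source
config firewall address
    edit "VLAN4_SM_Host1"
        set subnet 10.0.4.10 255.255.255.255
    next
    edit "VLAN4_SM_Host2"
        set subnet 10.0.4.11 255.255.255.255
    next
end
config firewall addrgrp
    edit "VLAN4_SM_Allowed"
        set member "VLAN4_SM_Host1" "VLAN4_SM_Host2"
    next
end

# 3. Exception policy, then move it above the block policy (lookup stops at first match)
config firewall policy
    edit 20
        set name "VLAN4_Allow_Social_Media"
        set srcintf "VLAN4"
        set dstintf "wan1"
        set srcaddr "VLAN4_SM_Allowed"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set webfilter-profile "No_Block_Social_Media"
        set logtraffic all
    next
    move 20 before 10
end
```

Copy the remaining settings (NAT, SSL inspection profile, other security profiles) from the existing block policy so the exception differs only in source and web filter. Because the exemption is keyed on source IP, the exempted hosts need static addresses or DHCP reservations, otherwise a different VLAN4 client can end up with the exemption.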
