Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
khemlina
New Contributor II

Created on ‎08-09-2023 09:07 PM Edited on ‎08-09-2023 09:08 PM

whitelist specific user IP address from block all users web filtering in Fortigate 100F

I create web filtering name Block_Social_Media and apply for all user in Vlan4, but I want to whitelist a few IP address of this Vlan4 to access Social Media. How to config that in FortiGate?

Labels:
3100
0 Kudos
3 Solutions
VinayHM
Staff
Staff

Created on ‎08-09-2023 09:10 PM

Hi @khemlina 

 

You can create one more policy on top of this to allow those users and not block social media ( create another custom web filter ) In the UTM profile.

 

Regards,

Vinay HM

View solution in original post

3091
pjawalekar
Staff
Staff

Created on ‎08-09-2023 09:22 PM

Hi khemlina,

 

As you have configured the firewall policy with web filter profile to block the Social Media for vlan subnet, you can create one more policy for the specific ip's which you want to allow the social media access. You need to keep this policy above the existent one as the policies will be checked from top to bottom and with first match it will stop the policy lookup.

Below is the KB article which will be useful to understand how you can create the welbfilter profile to allow or block the specific url's

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-a-static-URL-filter-feature-to-allow...   

 

Regard's,
Pratik

 

View solution in original post

3076
Rajneesh
Staff
Staff

Created on ‎08-09-2023 09:26 PM

You can create a new policy and in the source allow the  few IP address of this Vlan4 to access Social Media and keep that policy in top or above the Block_Social_Media, 
As mentioned by @pjawalekar the policies will be checked from top to bottom and with first match it will stop the policy lookup.

 

 

View solution in original post

3071
7 REPLIES 7
VinayHM
Staff
Staff

Created on ‎08-09-2023 09:10 PM

Hi @khemlina 

 

You can create one more policy on top of this to allow those users and not block social media ( create another custom web filter ) In the UTM profile.

 

Regards,

Vinay HM
3092
khemlina
New Contributor II
In response to VinayHM

Created on ‎08-09-2023 09:21 PM

Hi @VinayHM 
I'm not sure understand well so
1-create another web filter (ex: No_Block_Social_Media)

2-create source address (IP address that we allow to access social media)
3-create policy

 

pls help to add more details for this.
thanks

3079
0 Kudos
VinayHM
Staff
Staff
In response to khemlina

Created on ‎08-09-2023 09:52 PM

Hi @khemlina 

Yes, Create a new web filter and make sure social media is allowed.

create another policy (on top where vlan 4 users are blocked by social media), In this policy call the newly created web filter.

And finally, Call the user group or address object in the source address.

 

Regards,

Vinay HM
3064
Dongfang_Li_FTNT
Staff
Staff
In response to khemlina

Created on ‎10-04-2024 06:41 AM

The newly created policy has specify IP addresses instead of all in the destination address, the web filter can be disable because this policy only allows connection to the specified IP addresses.  

 

Regards,

Dongfang  

333
pjawalekar
Staff
Staff

Created on ‎08-09-2023 09:22 PM

Hi khemlina,

 

As you have configured the firewall policy with web filter profile to block the Social Media for vlan subnet, you can create one more policy for the specific ip's which you want to allow the social media access. You need to keep this policy above the existent one as the policies will be checked from top to bottom and with first match it will stop the policy lookup.

Below is the KB article which will be useful to understand how you can create the welbfilter profile to allow or block the specific url's

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-a-static-URL-filter-feature-to-allow...   

 

Regard's,
Pratik

 

3077
Rajneesh
Staff
Staff

Created on ‎08-09-2023 09:26 PM

You can create a new policy and in the source allow the  few IP address of this Vlan4 to access Social Media and keep that policy in top or above the Block_Social_Media, 
As mentioned by @pjawalekar the policies will be checked from top to bottom and with first match it will stop the policy lookup.

 

 

3072
khemlina
New Contributor II

Created on ‎08-10-2023 12:12 AM

Hello all
Thanks for your guideline. Now It's working.

3031
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.