FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Anthony_E
Moderator
Moderator
Description
This article describes how to to allow the specific URL and to block all the websites without using the FortiGuard category filtering.

Use local URL filtering to achieve this.
Solution
To create the URL filtering profile, go to Security Profile -> Webfilter.
Disable FortiGuard category based filter.

Enter the websites with at the end '*.*' to block all the remaining websites.




URL filtering execution will follow top to bottom approach.

After creating URL filtering profile, call it in the firewall policy.




When user will try to access the website which is not the part of the static filter, the below block page will appear:




Note.
Some sites will be using multiple sub-domains which fall under different FortiGuard category so it will be required to exempt all sub-domains as well in order to access the site.

To check the sub-domains used by a particular site, check browser developer tools.
In Chrome, go to Ctrl+Shift+I -> Sources : Here it is possible to check all the sub-domain details.

SSL/SSH deep/full inspection is mandatory for static URL filter working.

Related Articles

Technical Tip: URL-Filter expressions

Technical Tip: Using a static URL filter feature to allow/block web sites

Contributors