Solved

Fortigate Web Filter Syntax

Posted on 2014-12-01
2
2,360 Views
Last Modified: 2014-12-08
For the Fortigate Web Filtering I'm trying to figure out the proper syntax to open whitelist a domain.
Even if that domain has more path behind it.

For example both www.mydomain.com and www.mydomain.com/business/advertising/prices.pdf

I watched the Fortinet video, and it shows the URL filter should be: *mydomainname.com  "wildcard" "Exempt"
but that does not work at all.

I tried *.mydomainname.com and that works for the main page, but not the remainder of the path. (it get blocked by a web filter category)

Thanks!
0
Comment
Question by:DrPing
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 12

Accepted Solution

by:
Fidelius earned 250 total points
ID: 40475431
Hello,

If you choose type "Simple", you can put just www.mydomain.com 
It will also allow www.mydomain.com/business/advertising/prices.pdf

If you want type "Wildcard", you can put wildcard on begining, end or both:
www.mydomain.com*
*mydomain.com*
*mydomain.com

I have it configured in all above ways for different type of sites.
I'm running FortiOS 5.2.1

Regards!
0
 
LVL 63

Assisted Solution

by:btan
btan earned 250 total points
ID: 40475659
Agree with Fidelius. It can be either
To control access to all pages with a URL that ends with example.com, add example.com to the filter list. For example, adding example.com controls access to www.example.com, mail.example.com, www.finance.example.com, and so on
or
Control access to all URLs that match patterns created using text and regular expressions (or wildcard characters). For example, example.* matches example.com, example.org, example.net and so on.
URL filtering uses a black list approach. That is, all sites are allowed, except those that are blocked. Note also the list entries are processed from top to bottom. Note it is specific to the pattern of the URL stated. However, more commonly if you wanted to be specific on Web Site only (not URL) then you can use Web Site Filter instead for www.domain.com though you can achieve in URL filter too but need to be careful on the pattern declaration. Side note, you can even drill into Web Content filter..

But do take note as shared in docs(pdf) when using Exempt
When you add a URL pattern to a URL filter list and apply the Exempt action, traffic sent to and replies traffic from sites matching the URL pattern will bypass all antivirus proxy operations. The connection itself inherits the exemption. This means that all subsequent reuse of the existing connection will also bypass all antivirus proxy operations. When the connection times out, the exemption is cancelled.
0

Featured Post

Don't Miss ATEN at InfoComm 2017!

Visit booth #2167 to see the  new ATEN VM3200 32 x 32 Modular Matrix Switch. Other highlights include the VE8950 4K HDMI Over IP Extender, VS1912 12-Port DP Video Wall Media Player  and VK2100 ATEN Control System. Register now with Free Pass Code ATEN288!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
What To Do With Surplus Rack Server, Controller and Switches? 13 80
Ping in Fortigate 2 61
Configure 2 Servers with Crossover cable 3 46
Cisco ASA 5510 Question 2 33
Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
Before I go to far, let's explain HA (High Availability) and why you should consider it.  High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service.  As…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question