Solved

Fortigate Web Filter Syntax

Posted on 2014-12-01
2
2,504 Views
Last Modified: 2014-12-08
For the Fortigate Web Filtering I'm trying to figure out the proper syntax to open whitelist a domain.
Even if that domain has more path behind it.

For example both www.mydomain.com and www.mydomain.com/business/advertising/prices.pdf

I watched the Fortinet video, and it shows the URL filter should be: *mydomainname.com  "wildcard" "Exempt"
but that does not work at all.

I tried *.mydomainname.com and that works for the main page, but not the remainder of the path. (it get blocked by a web filter category)

Thanks!
0
Comment
Question by:DrPing
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 12

Accepted Solution

by:
Fidelius earned 250 total points
ID: 40475431
Hello,

If you choose type "Simple", you can put just www.mydomain.com 
It will also allow www.mydomain.com/business/advertising/prices.pdf

If you want type "Wildcard", you can put wildcard on begining, end or both:
www.mydomain.com*
*mydomain.com*
*mydomain.com

I have it configured in all above ways for different type of sites.
I'm running FortiOS 5.2.1

Regards!
0
 
LVL 64

Assisted Solution

by:btan
btan earned 250 total points
ID: 40475659
Agree with Fidelius. It can be either
To control access to all pages with a URL that ends with example.com, add example.com to the filter list. For example, adding example.com controls access to www.example.com, mail.example.com, www.finance.example.com, and so on
or
Control access to all URLs that match patterns created using text and regular expressions (or wildcard characters). For example, example.* matches example.com, example.org, example.net and so on.
URL filtering uses a black list approach. That is, all sites are allowed, except those that are blocked. Note also the list entries are processed from top to bottom. Note it is specific to the pattern of the URL stated. However, more commonly if you wanted to be specific on Web Site only (not URL) then you can use Web Site Filter instead for www.domain.com though you can achieve in URL filter too but need to be careful on the pattern declaration. Side note, you can even drill into Web Content filter..

But do take note as shared in docs(pdf) when using Exempt
When you add a URL pattern to a URL filter list and apply the Exempt action, traffic sent to and replies traffic from sites matching the URL pattern will bypass all antivirus proxy operations. The connection itself inherits the exemption. This means that all subsequent reuse of the existing connection will also bypass all antivirus proxy operations. When the connection times out, the exemption is cancelled.
0

Featured Post

IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question