After upgrading from FortiClient 7.0.10 to 7.2.3, I've noticed that the exclusion list in the Web Filter no longer works. No changes were made to the web filter policies, web browser plug-in is enabled in the policy and installed on the client, what gives? My clients are all configured to use the web fliter plugin only when the endpoints are off-fabric,
For example, If I try to block Facebook, Twitter, or TikTok using a deny entry for each in the Web Filter Exclusion list, the sites do not get blocked on the client. I've tried all three exclusion types (Simple, Regular Expression, and Wildcard) and none of them block the sites any longer.
I've tried in both Edge and Chrome with the same results.
Downgrading back to 7.0.10 resolves the issue.
Anyone else experiencing this?
Solved! Go to Solution.
Not sure how I missed it earlier (unless it wasn't listed yet), but it appears to be the below bug that affects versions 7.2.1 - 7.2.3 in combination with the FortiClient Web Filter handling the Wildcard type expressions differently than the FortiGate and FortiClient versions before 7.2.1 do.
875298 | Exclusion list does not work properly with regular expressions. |
I had erroneously assumed that the FortiClient 7.2.3 web filter would process the filtering types the same way the FortiGate Web Filter does which is outlined here: https://community.fortinet.com/t5/FortiGate/Technical-Tip-URL-Filter-expressions-for-the-FortiGate/t...
Unfortunately, it seems as though the Wildcard filtering type does not behave the same way in the FortiClient 7.2.1+ web filter as they do in earlier versions of FortiClient (or as they do in a FortiGate web filter profile). I was finally able to block websites using FortiClient 7.2.3 by using the Wildcard type filter and using it in the format of *Website.com, using *.Website.com would NOT block Website.com as was the previous behavior.
Your issue may look like the below bug that affects version 7.2.3.
962502 Web Filter does not respect exclusion list when imported from FortiGate with web category overrides.
I saw that too and should have mentioned that I'm not using an imported web profile. I double checked, and there are no imported profiles at all listed in EMS. Just to be safe I created an entirely new web profile in EMS to test just blocking Facebook and it just doesn't work in 7.2.X.
Not sure how I missed it earlier (unless it wasn't listed yet), but it appears to be the below bug that affects versions 7.2.1 - 7.2.3 in combination with the FortiClient Web Filter handling the Wildcard type expressions differently than the FortiGate and FortiClient versions before 7.2.1 do.
875298 | Exclusion list does not work properly with regular expressions. |
I had erroneously assumed that the FortiClient 7.2.3 web filter would process the filtering types the same way the FortiGate Web Filter does which is outlined here: https://community.fortinet.com/t5/FortiGate/Technical-Tip-URL-Filter-expressions-for-the-FortiGate/t...
Unfortunately, it seems as though the Wildcard filtering type does not behave the same way in the FortiClient 7.2.1+ web filter as they do in earlier versions of FortiClient (or as they do in a FortiGate web filter profile). I was finally able to block websites using FortiClient 7.2.3 by using the Wildcard type filter and using it in the format of *Website.com, using *.Website.com would NOT block Website.com as was the previous behavior.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.