Re: Web filter Vs. DNS filter
Here a practical example :
In my company, I can't use the dns filtering because of its requirement to use the fortiguard dns servers. We can't use external dns server.
with dns filtering you can't block access based on url. You blocked based on dns name resolution (ip address).
Let say for example, you want to block seattle.org/ordering but allow seattle.org/pictures. Because both url resolve to the same ip address will not obtain the desired result with dns filtering. It will block access to seattle.org as a whole.
web filtering filters based on url and because you will be able to block seattle.org/ordering but allow seattle.org/pictures.
Ask yourself this question, what will happen if fortigate can't connect to FORTIGUARD DNS servers in the middle of the night?
What will happen to your policy rules? Does it go to allow or deny everything?