Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
qweqwelani
New Contributor

DNS Static URL Filter

Hi,

I am trying to set up a FortiGate (version 5.2) to block every DNS request except the requests querying for whitelisted domains.

I've set up the FortiGate unit to use FortiGuard DNS servers and also to use the FortiGate as my internal DNS server. Then I've created a Web Filter policy to block everything but DNS requests to resolve google.com.

I've applied this policy to firewall rules. But I am still able to resolve every domain.

What am I doing wrong? And is it even possible to achieve my goal?

Toshi_Esumi
SuperUser

I haven't used DNS web filtering myself. But based on the online help description below:

http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-whats-new-54/Top_DNSInspectionProfile...

category filtering seems to be necessary.

Try configuring them in local categories instead of Static URL Filter to see if it works. If not, you probably need to open a case at TAC.

qweqwelani

Unfortunately category filtering is not licensed for my device. I've tried it anyway, but without any luck.

Toshi_Esumi

Most likely at least that part of the FortiGuard license/subscription is required. You can verify with sales or TAC.
