Re: Blocking site
There is a port number provided in these URL entries, so I am wondering if the fgt will interpreter that is an http or https connection. Full SSL security inspection would be needed if you want the fgt to be able to see the full URL if HTTPS.
I agree with the other posters in this thread - if you want to allow access to this site via URL filtering without further utm processing - - an exempt rule is needed. a possible example of a common URL wildcard rule would be : e.g. 188.8.131.52:4443/yaghut/* or 184.108.40.206:4443/*
But if you simple want to allow direct access to 220.127.116.11 from non HTTP/HTTPS means, you may want to consider setting up a firewall policy allowing access to the IP address (/32) and apply whatever UTM feature on that connect (e.g. IPS) if you think you need it. Move this firewall rule up in the firewall chain so it can be triggered. This method is not preferred if 18.104.22.168 is a hosting server for multiple web sites that are outside your own "hosted" website.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C