Hot!Blocking site

Author
feisal
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/05/08 02:49:55
  • Status: offline
2020/05/09 04:44:37 (permalink)
0

Blocking site

i am getting block for my site i tried to add webfilter but still it shows the site is blocked. 
the first entry is working fine but the other enter is not releasing the site.
my device is
 
FortiGate 60E
v6.2.3 build1066.
 
thanks
 
 
 

Attached Image(s)

#1

4 Replies Related Threads

    sw2090
    Platinum Member
    • Total Posts : 678
    • Scores: 42
    • Reward points: 0
    • Joined: 2017/06/14 01:27:25
    • Location: Regensburg
    • Status: offline
    Re: Blocking site 2020/05/11 02:58:44 (permalink)
    0
    Is there a reason why you created this as type "wildcard"?
    You set the action to "Allow". This means this rule will alow it. But it also means if there is any other rule matching after this which blocks it it will still be blocked.
    I suggest using action type "exempt" to make the url filter stop once it matched a rule to prevent this from happening.
    #2
    Daniel Aguilar
    New Member
    • Total Posts : 5
    • Scores: 2
    • Reward points: 0
    • Joined: 2020/05/27 10:18:52
    • Location: Venezuela
    • Status: offline
    Re: Blocking site 2020/05/27 10:35:25 (permalink)
    0
    Hello, I think because you are using a WildCard I will recommend to you to use this wildcard and check what happens:
     
    213.42.230.213:4443/*
     
    Will be very helpful that you show the web filter log when you try to access to that URL.
    #3
    Dave Hall
    Expert Member
    • Total Posts : 1702
    • Scores: 174
    • Reward points: 0
    • Joined: 2012/05/11 07:55:58
    • Location: Canada
    • Status: offline
    Re: Blocking site 2020/05/28 09:47:37 (permalink)
    0
    There is a port number provided in these URL entries, so I am wondering if the fgt will interpreter that is an http or https connection.  Full SSL security inspection would be needed if you want the fgt to be able to see the full URL if HTTPS. 
     
    I agree with the other posters in this thread - if you want to allow access to this site via URL filtering without further utm processing - - an exempt rule is needed.  a possible example of a common URL wildcard rule would be :  e.g. 213.42.230.213:4443/yaghut/* or 213.42.230.213:4443/* 
     
     
    But if you simple want to allow direct access to 213.42.230.213 from non HTTP/HTTPS means, you may want to consider setting up a firewall policy allowing access to the IP address (/32) and apply whatever UTM feature on that connect (e.g. IPS) if you think you need it.  Move this firewall rule up in the firewall chain so it can be triggered.  This method is not preferred if 213.42.230.213 is a hosting server for multiple web sites that are outside your own "hosted" website.
     
     

    NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
    #4
    jamesseth
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/06/01 05:00:27
    • Status: offline
    Re: Blocking site 2020/06/01 05:13:33 (permalink)
    0
    Thank you for the share information...now I am doing action type "exempt" to make the URL filter.
    #5
    Jump to:
    © 2020 APG vNext Commercial Version 5.5