Hot!Fortinet blocking allowed site

Author
RyanFItz
New Member
  • Total Posts : 6
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/03/03 07:14:46
  • Status: offline
2020/10/07 04:24:33 (permalink)
0

Fortinet blocking allowed site

All I have enabled is web filter -> url filter. I have one website to allow then block * as wildcard and for some reason it blocks the allowed sites and seems to be only https sites, my http sites in the allow list works but my https sites do not.
 
Does anyone have any idea?
 
google and fastpeoplesearch get blocked
 
Attached is a screen shot of the filter
 
Web Filter
 
Threat Level    high
Direction    outgoing
Log event original timestamp    1602069758
Event Type    urlfilter
Hostname   &nbsp www.fastpeoplesearch.com
Message    URL was blocked because it is in the URL filter list
Profile Name    default
Request Type    direct
URL    
www.fastpeoplesearch.com/
URL Filter Index    1
URL Filter List    default
 
 
Date    10/07/2020
Time    07:22:43
Duration    5s
Session ID    52787
Virtual Domain    root
NAT Translation    Source

Source
IP    192.168.168.5
NAT IP    75.150.165.185
Source Port    57133
Country    Reserved
Primary MAC    9c:8e:99:5c:34:0b
Source Interface    lan
Host Name    SCCserver.sterlingcredit
Device Type    Windows PC
OS Name    Windows 8.1 / 2012

Destination
IP    104.18.15.109
Host Name    fastpeoplesearch.com
Port    443
Country    United States
Destination Interface    wan1

Application
Application Name    HTTPS
Category    unscanned
Protocol    tcp
Service    HTTPS

Data
Received Bytes    212 B
Received Packets    5
Sent Bytes    809 B
Sent Packets    7

Action
Action    server-rst
Security Action    Blocked
Threat    8
Policy    1
Policy UUID    e02340c0-706e-51e8-64e1-e9101bf2f114
Policy Type    policy

Security
Level    
Web events    1
Threat Score    30

Other
Source Interface Role    lan
Log ID    13
byod_name    SCCserver.sterlingcredit
Protocol Number    6
roll    65535
byod_device    windows-pc
Log event original timestamp    1602069763
Destination Interface Role    wan
dstcountry_code    US
Source Server    0
Sub Type    forward
utmref    65535-37914
Security Events
 
post edited by RyanFItz - 2020/10/07 04:28:01

Attached Image(s)

#1

5 Replies Related Threads

    Fullmoon
    Platinum Member
    • Total Posts : 925
    • Scores: 14
    • Reward points: 0
    • Joined: 2010/08/02 18:02:10
    • Status: offline
    Re: Fortinet blocking allowed site 2020/10/07 06:32:20 (permalink)
    0
    I would craft my url entries like these URL:*.fastpeoplesearch.com,*.google.com Type: Wildcard, Action: Exempt, Status:Enable

    Fortigate Newbie
    #2
    RyanFItz
    New Member
    • Total Posts : 6
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/03/03 07:14:46
    • Status: offline
    Re: Fortinet blocking allowed site 2020/10/07 06:43:41 (permalink)
    0
    Thanks I’ll try that
    #3
    RyanFItz
    New Member
    • Total Posts : 6
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/03/03 07:14:46
    • Status: offline
    Re: Fortinet blocking allowed site 2020/10/07 13:41:25 (permalink)
    0
    I got it to work.
     
    It does not like any form of wildcard for some reason for allow or exempt. Firmware 5.6.3
     
    I had to use
    fastpeoplesearch.com, simple, allow
    www.fastpeoplesearch.com, simple, allow
    *, wildcard, block
     
    now the site will come up and all others are still blocked
    #4
    RyanFItz
    New Member
    • Total Posts : 6
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/03/03 07:14:46
    • Status: offline
    Re: Fortinet blocking allowed site 2020/10/07 19:10:57 (permalink)
    0
    Still wouldn't work so what I did was use the category blocking, I blocked every category and unrated, then created an allow white list for a custom category and that seems to work.

    Attached Image(s)

    #5
    sw2090
    Expert Member
    • Total Posts : 783
    • Scores: 58
    • Reward points: 0
    • Joined: 2017/06/14 01:27:25
    • Location: Regensburg
    • Status: offline
    Re: Fortinet blocking allowed site 2020/10/08 02:58:35 (permalink)
    0
    two things:
     
    1. you url filter will not work because you set the action to "allow". This means it will allow it but check all other rules coming after that too. And your blocking all rule is of course matching too. So set the action to "exempt" to have it stop once the rule matched and not hit the block all rule.
     
    2. url filter on https site will only work if you enable ssl deep inspection because without that it cannot see the url. Certificate inspection will also only see what is in subject (alternate) name which is usually only the domain or subdomain name of the site.
    #6
    Jump to:
    © 2020 APG vNext Commercial Version 5.5