Correct way to block a domain

Author
micycle
New Member
  • Total Posts : 9
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/07/29 01:02:24
  • Status: offline
2021/01/14 00:23:11 (permalink)
0

Correct way to block a domain

 I've been trying to figure what is right way (that also works best) to fully block access to a domain.
From my understanding there are 3 options:
* Block address of type FQDN
* Web filter
* DNS filter
 
Thing is I had issues with each one:
FQDN - (From this thread I understand that FQDN wouldn't be useful when blocking a domain that is connected to numerous IPs https://forum.fortinet.com/tm.aspx?m=188725&tree=true).
Web filter - web filter does block the domain when accessed through a browser. But won't block a ping request, which makes me worry it won't block other connections with the domain.
DNS filter - I have created a DNS filter but it does not seem to block the domain, so I am wondering whether it is not properly configured. This is how I set it up:

 
(Didn't matter which kind of inspection I set to the policy, and for the DNS filter itself, I tried both Simple option and Reg. Expression.)
 
So the question is:
Which one I should use to fully block access to a domain, and what is wrong with what I am doing with the option that is recommended?
post edited by micycle - 2021/01/14 00:28:41

Attached Image(s)

#1

0 Replies Related Threads

    Jump to:
    © 2021 APG vNext Commercial Version 5.5