Configuring the FortiGate to allow access to Twitter


  1. On the FortiGate, configure firewall addresses to allow users to access the Twitter login page.
  2. The following step can be performed in the GUI, but may take considerably longer than using the CLI. You can copy and paste the commands below.

    Open the CLI Console and enter the following, which creates the firewall addresses and adds them to a firewall address group called Twitter_Auth.

    config firewall address
        edit "api.twitter.com"
            set type fqdn
            set fqdn "api.twitter.com"
        next
        edit "abs.twimg.com"
            set type fqdn
            set fqdn "abs.twimg.com"
        next
        edit "abs-0.twimg.com"
            set type fqdn
            set fqdn "abs-0.twimg.com"
        next
    end
    config firewall addrgrp
        edit "Twitter_Auth"
            set member "api.twitter.com" "abs.twimg.com" "abs-0.twimg.com"
        next
    end

  3. Go to Policy & Objects > IPv4 Policy and create a policy for Twitter authentication traffic.
  4. Set Incoming Interface to the WiFi SSID interface and set Source Address to all.

    Set Outgoing Interface to the Internet-facing interface and set Destination Address to Twitter_Auth.

    Set Service to ALL and enable NAT. Configure Security Profiles accordingly.

  5. Then open the CLI Console. Using the policy's ID, enter the following command to exempt the Twitter authentication traffic policy from the captive portal:

    config firewall policy
        edit <policy_id>
            set captive-portal-exempt enable
        next
    end

    This command allows access to the external captive portal.
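
A check to run over a saved configuration after completing the steps above, given here as an added example (not Fortinet's code): it lists every destination of a captive-portal-exempt policy that does not resolve to a defined FQDN address object, which catches a misspelled group name, a missing address entry, or an exempt policy pointed at "all". The sample configuration, policy ID 7, and the rule that exempt destinations must be FQDN objects are assumptions of this example, and the parser handles only flat config/edit/set blocks.

```python
import re

# Constructed sample export (placeholder policy ID 7); "abs.twimg.com" is left undefined.
SAMPLE = '''
config firewall address
    edit "api.twitter.com"
        set type fqdn
        set fqdn "api.twitter.com"
    next
end
config firewall addrgrp
    edit "Twitter_Auth"
        set member "api.twitter.com" "abs.twimg.com"
    next
end
config firewall policy
    edit 7
        set dstaddr "Twitter_Auth"
        set captive-portal-exempt enable
    next
end
'''

def parse_tables(text):
    """Parse flat config/edit/set blocks into {table: {entry: {key: [values]}}}."""
    tables, table, entry = {}, None, None
    for line in text.splitlines():
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', line)] or [""]
        if words[0] == "config":
            table, entry = tables.setdefault(" ".join(words[1:]), {}), None
        elif words[0] == "edit" and table is not None:
            entry = table.setdefault(words[1], {})
        elif words[0] == "set" and entry is not None:
            entry[words[1]] = words[2:]
    return tables

def audit_exempt_policies(text):
    """Flag exempt-policy destinations (groups expanded) that are not FQDN objects."""
    t = parse_tables(text)
    addrs, groups = t.get("firewall address", {}), t.get("firewall addrgrp", {})
    findings = []
    for pid, pol in t.get("firewall policy", {}).items():
        if pol.get("captive-portal-exempt") != ["enable"]:
            continue
        for dst in pol.get("dstaddr", []):
            for m in groups.get(dst, {}).get("member", [dst]):
                if addrs.get(m, {}).get("type") != ["fqdn"]:
                    findings.append(f"policy {pid}: {dst} -> {m} is not a defined FQDN address")
    return findings
```

An empty list from `audit_exempt_policies` means every exempt destination resolved to an FQDN object; any finding names the policy and the object that needs review.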
