Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiGate / FortiOS 7.6.5 Administration Guide
    7.6.5
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.0

    Configuring web filter to exempt URLs from other security profiles

    Configuring web filter to exempt URLs from other security profiles

    When configuring other security profiles, specific URLs sometimes need to be exempt from the defined rules.

    For example, a rule might exist to block all executable files, but an executable file needs to be downloadable from a specific website. In this case, a web filter static URL filter can be used to exempt the specific URL from further processing by the other security profiles.

    Static URL filters can be applied to other security profiles as follows:

    Security profile

    Proxy support

    Flow support

    File filter

    Yes

    No

    Antivirus

    Yes

    Yes

    Data loss prevention

    Yes

    Yes

    Video filter

    No

    (Proxy only security profile)

    Example

    In this example, a file filter has been configured to block downloads of .exe files and is applied to a firewall policy that has deep inspection enabled.

    The file filter has the following settings:

    Field

    Value

    Name

    Block_EXE

    Feature set

    Proxy-based

    Rule

    exe_block

    Traffic

    Both

    Match Files

    Any

    Action

    Block

    File Types

    exe

    See File filter for more information about configuring file filters.

    To configure the web filter exemption in the GUI:

    1. Go to Security Profiles > Web Filter and click Create New.

    2. Enter a profile Name.

    3. In the Static URL Filter section, enable URL Filter and click Create New in the table.

    4. Enter the URL you need to make an exception for. In this example the Wildcard type is used.

    5. Set Action to Exempt and Status to Enable.

    6. Click OK.

    7. Click OK to save the web filter profile.

    8. Enable the web filter profile in the firewall policy that includes the file filter that you need to add the exemption to. See Firewall policy for more information.

    To configure the web filter exemption in the CLI:

    1. Configure the URL filter:

      config webfilter urlfilter
    edit 99
        set name "exempt_URL"
        config entries
            edit 1
                set url "*fortinet.com"
                set type wildcard
            next
        end
    next
end

    2. Configure the web filter profile to use the URL filter:

      config webfilter profile
    edit "exempt_exe"
        config web
            set urlfilter-table 99
        end
    next
end

    3. Apply the web filter in the firewall policy:

      config firewall policy
    edit 1
        set webfilter-profile "exempt_exe"
    next
end
    Previous
    Next

    Configuring web filter to exempt URLs from other security profiles

    Configuring web filter to exempt URLs from other security profiles

    When configuring other security profiles, specific URLs sometimes need to be exempt from the defined rules.

    For example, a rule might exist to block all executable files, but an executable file needs to be downloadable from a specific website. In this case, a web filter static URL filter can be used to exempt the specific URL from further processing by the other security profiles.

    Static URL filters can be applied to other security profiles as follows:

    Security profile

    Proxy support

    Flow support

    File filter

    Yes

    No

    Antivirus

    Yes

    Yes

    Data loss prevention

    Yes

    Yes

    Video filter

    No

    (Proxy only security profile)

    Example

    In this example, a file filter has been configured to block downloads of .exe files and is applied to a firewall policy that has deep inspection enabled.

    The file filter has the following settings:

    Field

    Value

    Name

    Block_EXE

    Feature set

    Proxy-based

    Rule

    exe_block

    Traffic

    Both

    Match Files

    Any

    Action

    Block

    File Types

    exe

    See File filter for more information about configuring file filters.

    To configure the web filter exemption in the GUI:

    1. Go to Security Profiles > Web Filter and click Create New.

    2. Enter a profile Name.

    3. In the Static URL Filter section, enable URL Filter and click Create New in the table.

    4. Enter the URL you need to make an exception for. In this example the Wildcard type is used.

    5. Set Action to Exempt and Status to Enable.

    6. Click OK.

    7. Click OK to save the web filter profile.

    8. Enable the web filter profile in the firewall policy that includes the file filter that you need to add the exemption to. See Firewall policy for more information.

    To configure the web filter exemption in the CLI:

    1. Configure the URL filter:

      config webfilter urlfilter
    edit 99
        set name "exempt_URL"
        config entries
            edit 1
                set url "*fortinet.com"
                set type wildcard
            next
        end
    next
end

    2. Configure the web filter profile to use the URL filter:

      config webfilter profile
    edit "exempt_exe"
        config web
            set urlfilter-table 99
        end
    next
end

    3. Apply the web filter in the firewall policy:

      config firewall policy
    edit 1
        set webfilter-profile "exempt_exe"
    next
end
    Previous
    Next