Fortinet white logo
Fortinet white logo

Administration Guide

Create or edit a domain filter

Create or edit a domain filter

The DNS static domain filter allows you to block, exempt, or monitor DNS requests by using IPS to look inside DNS packets and match the domain being looked up with the domains on the static URL filter list. If there is a match the DNS request can be blocked, exempted, monitored, or allowed.

If blocked, the DNS request is blocked and so the user cannot look up the address and connect to the site.

If exempted, access to the site is allowed even if another method is used to block it.

To create a domain filter:
  1. Go to Security Profiles > DNS Filter.

  2. Click Create New or select a DNS filter profile and then click Edit.

  3. Enable Domain Filter.

  4. In the Domain Filter table, select Create New. The Create Domain Filter window opens.

  5. Enter the domain to filter in the Domain field. Enter a top-level domain suffix (for example, “com” without the leading period) to block access to all web sites with this suffix.

  6. Select the type of pattern to match: Simple, Reg. Expression, or Wildcard.

  7. Select the action to take when the pattern is matched:

    • Redirect to Block Portal: If a DNS query domain name rating belongs to the block category, the query is blocked and redirected.

    • Allow: Allow access to any domain that matches the domain pattern.

    • Monitor: Monitor traffic to and from domains matching the domain pattern.

  8. Enable or disable the status of the filter to make the filter active or inactive.

  9. Click OK to save the domain filter.

  10. Click OK to save the DNS filter profile.

To edit a domain filter:
  1. Go to Security Profiles > DNS Filter.

  2. Click Create New or select a DNS filter profile and then click Edit.

  3. Enable Domain Filter.

  4. In the Domain Filter table, double-click on a filter or select the filter and then click Edit in the toolbar.

  5. Edit the filter settings as required.

  6. Click OK to save your changes to the domain filter.

  7. Click OK to save the DNS filter profile.

Create or edit a domain filter

Create or edit a domain filter

The DNS static domain filter allows you to block, exempt, or monitor DNS requests by using IPS to look inside DNS packets and match the domain being looked up with the domains on the static URL filter list. If there is a match the DNS request can be blocked, exempted, monitored, or allowed.

If blocked, the DNS request is blocked and so the user cannot look up the address and connect to the site.

If exempted, access to the site is allowed even if another method is used to block it.

To create a domain filter:
  1. Go to Security Profiles > DNS Filter.

  2. Click Create New or select a DNS filter profile and then click Edit.

  3. Enable Domain Filter.

  4. In the Domain Filter table, select Create New. The Create Domain Filter window opens.

  5. Enter the domain to filter in the Domain field. Enter a top-level domain suffix (for example, “com” without the leading period) to block access to all web sites with this suffix.

  6. Select the type of pattern to match: Simple, Reg. Expression, or Wildcard.

  7. Select the action to take when the pattern is matched:

    • Redirect to Block Portal: If a DNS query domain name rating belongs to the block category, the query is blocked and redirected.

    • Allow: Allow access to any domain that matches the domain pattern.

    • Monitor: Monitor traffic to and from domains matching the domain pattern.

  8. Enable or disable the status of the filter to make the filter active or inactive.

  9. Click OK to save the domain filter.

  10. Click OK to save the DNS filter profile.

To edit a domain filter:
  1. Go to Security Profiles > DNS Filter.

  2. Click Create New or select a DNS filter profile and then click Edit.

  3. Enable Domain Filter.

  4. In the Domain Filter table, double-click on a filter or select the filter and then click Edit in the toolbar.

  5. Edit the filter settings as required.

  6. Click OK to save your changes to the domain filter.

  7. Click OK to save the DNS filter profile.