1. Independent from webfilter licence2. Require of "one-arm ips" activation3. Require static-to-BGP redistribution to populate "ips-dns" discovered routes4. Blocking based on static urlfilter list
When the inspection requires HTTPs traffic being block additional steps are required prior configuring the urlfilter:
1. nslookup in order to confirm all possible IP addresses are being populated through static-to-BGP redistribution.Refer to the related article to perform one-arm urlfilter with HTTP web traffic.2. Capture packets and confirm the "Server Name" on the "Client Hello" SSL packet and this IURL is the one it is needed to be added in the urlfilter list.Related Articles
Technical Note: How to configure FortiGate to perform routing based on specific URLs
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.