FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
acvaldez
Staff
Staff
Article Id 195978
Purpose
This article describes how to configure web filter profile on FortiGate to block access to Facebook (www.facebook.com) but allow access to Facebook workplace.

Scope

Expectations, Requirements
Access to Facebook website will be blocked but access to Facebook workplace will be allowed.

Configuration
1) The following is the configuration of IPv4 policy:


2) The following is the configuration of web filter profile:






Verification
1) Open a web browser and confirm that Facebook is blocked as follows:


2) Confirm that access to Facebook workplace is allowed as follows:



Troubleshooting
In this case, the test machine that is being used to replicate access to Facebook (facebook.com) and Facebook workplace (workplace.facebook.com) is 192.168.56.22.

This explains why 192.168.56.22 is used to filter the urlfilter debugging as follows:
diag debug reset
diag debug disable
diag debug urlfilter src-addr 192.168.56.22
diag debug app urlfilter -1
diag debug en

To stop debugging, run the following command:
diag debug disable
or
di de di


Contributors