PurposeThis article describes how to configure web filter profile on FortiGate to block access to Facebook (www.facebook.com) but allow access to Facebook workplace.
ScopeExpectations, RequirementsAccess to Facebook website will be blocked but access to Facebook workplace will be allowed.
Configuration1) The following is the configuration of IPv4 policy:
2) The following is the configuration of web filter profile:
Verification1) Open a web browser and confirm that Facebook is blocked as follows:
2) Confirm that access to Facebook workplace is allowed as follows:
TroubleshootingIn this case, the test machine that is being used to replicate access to Facebook (facebook.com) and Facebook workplace (workplace.facebook.com) is 192.168.56.22.
This explains why 192.168.56.22 is used to filter the urlfilter debugging as follows:
diag debug reset
diag debug disable
diag debug urlfilter src-addr 192.168.56.22
diag debug app urlfilter -1
diag debug en
To stop debugging, run the following command:
diag debug disable
or di de di