Policy1 - URL based address object to allow URL = "video.fortinet.com/video/261/security-fabric-installation-5-6".When the request is HTTP, the request can be matched with the URL based address object and the access will be allowed by policy1.
Policy2 - Allow policy with web filter enabled to block the category "Information Technology".
config firewall profile-protocol-options
edit "default"
config http
set http-policy enable
end
next
end
config firewall address
edit "fortinet.com"
set type wildcard-fqdn
set wildcard-fqdn "*.fortinet.com"
next
end
config firewall proxy-address
edit "ftnt_url1"
set host "fortinet"
set path "/video/261/security-fabric-installation-5-6"
next
end
config firewall profile-protocol-options
edit "default"
config http
set http-policy enable
end
next
end
config firewall proxy-policy
edit 1
set proxy explicit-web
set dstintf "port10"
set srcaddr "all"
set dstaddr "ftnt_url1"
set service "webproxy"
set action accept
set schedule "always"
set logtraffic all
set utm-status enable
set webfilter-profile "monitor-all"
set profile-protocol-options "default"
set ssl-ssh-profile "deep-inspection-lab"
next
edit 2
set uuid 7c265834-203b-51e7-4123-455f8f218612
set proxy explicit-web
set dstintf "port10"
set srcaddr "all"
set dstaddr "all"
set service "webproxy"
set action accept
set schedule "always"
set logtraffic all
set utm-status enable
set av-profile "default"
set webfilter-profile "block_information_technology"
set profile-protocol-options "default"
set ssl-ssh-profile "deep-inspection-lab"
next
end
date=2017-05-04 time=09:47:45 logid="0317013312" type="utm" subtype="webfilter" eventtype="ftgd_allow" level="notice" vd="root" policyid=1 sessionid=987350404 srcip=10.25.3.1 srcport=50394 srcintf="port9" dstip=208.91.114.157 dstport=443 dstintf="port10" proto=6 service="HTTPS" hostname="video.fortinet.com" profile="monitor-all" action="passthrough" reqtype="direct" url="/video/261/security-fabric-installation-5-6" sentbyte=941 rcvdbyte=3281 direction="outgoing" msg="URL belongs to an allowed category in policy" method="domain" cat=52 catdesc="Information Technology"
date=2017-05-04 time=09:51:14 logid="0316013056" type="utm" subtype="webfilter" eventtype="ftgd_blk" level="warning" vd="root" policyid=2 sessionid=987350461 srcip=10.25.3.1 srcport=50451 srcintf="port9" dstip=208.91.114.157 dstport=443 dstintf="port10" proto=6 service="HTTPS" hostname="video.fortinet.com" profile=" block_information_technology " action="blocked" reqtype="direct" url="/" sentbyte=1345 rcvdbyte=137 direction="outgoing" msg="URL belongs to a denied category in policy" method="domain" cat=52 catdesc="Information Technology" crscore=30 crlevel="high"
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.