Explicit web proxy firewall address URL patterns
You can add URL pattern addresses and address groups to control the destination URLs that explicit proxy users can connect to. To add a URL pattern to go to Policy & Objects > Addresses, select Create New and set the Type to URL Pattern (Explicit Proxy). Add a URL or URL pattern that defines the URL or URLs that explicit proxy users should be limited to. Set the Interface to any.
For example to limit access to a single website:
To limit access to websites from the same domain:
To limit access to a part of a website:
To add a URL pattern group, create several URL pattern addresses then go to Policy & Objects > Addresses, select Create New > Group and add URL patterns to the address group.
Then when creating explicit web proxy policies, select the URL pattern addresses or groups as the destination address.
URL patterns and HTTPS scanning
For HTTPS traffic, URL patterns can only be matched up to the root path. For example, consider the following URL pattern:
If a proxy user browses using HTTP, this URL pattern limits their access the iPad pages of www.apple.com. However, if a proxy user browses using HTTPS, they will be able to access all pages on www.apple.com.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos