Back to all articles

Allowlisting (Whitelisting) in Fortinet's FortiGate

Fortinet's FortiGate web filter can be configured to allow access to our phish simulations and landing pages.

Allowlisting by Static URL Filter

You can allow access to our phish and landing domains by adding them to your Static URL Filter list in your FortiGate firewall.

The FortiGate web filter allows web pages matching the URLs that you specify. 

Note: Allowlisting with 'web rating overrides' is another allowlisting method offered by Fortinet. This method is for those organisations using FortiGuard categories. (For more information on this method, please refer to Fortinet's Web rating override article.)

  1. Log in to your Fortinet account.
  2. Navigate to Security Profiles > Web Filter.
  3. Create a new web filter, or select one to edit.
  4. Expand Static URL Filter; then, enable URL Filter, and select Create.
  5. Enter the URLs, without the 'https'. For example, www.example.com.
    • Enter each phishing and training domain as seen in Step 1.
  6. Select Type: Simple
  7. Select the Action to take against matching URLs: Allow
  8. Confirm that Status is enabled.

After following this article, we recommend setting up a test phishing campaign for 1-2 users to ensure your allowlisting was successful. If required, we also suggest reaching out to your service provider for assistance.