Enabling DLP and Multiple Security Profiles, 3. Solution 1) Go to Security Profile > Web filter. Creating a default route for the WAN link interface, 6. Creating the RADIUS Client on FortiAuthenticator, 4. Adding the FortiToken user to FortiAuthenticator, 3. Go to Policy & Objects > IPv4 Policy, and click Create New. Configuring the FortiGate's DMZ interface, 1. I've resorted to using tcpview and adding huge swaths of microsoft's IP ranges that I can find on ARIN and at this point I nearly have something that works. The following example blocks traffic that matches the BGP firewall service. The SA proposals do not match (SA proposal mismatch). Configuring local user certificate on FortiAuthenticator, 9. Deleting security policies and routes that use WAN1 or WAN2, 5. (Optional) Setting the FortiGate's DNS servers, 5. message appears, blocking the subdomain. What do hair pins have to do with networking? How do these priorities affect each other? 05:45 AM Editing the default Web Application Firewall profile, 3. Adding FortiAnalyzer to a Security Fabric, 5. 07-06-2018 Integrating the FortiGate with the Windows DC LDAP server, 2. Editing the default Web Filter profile, 3. Copyright 2023 Fortinet, Inc. All Rights Reserved. Adding an address for the local network, 5. This lesson wil show you how-to FortiGate Firewall allows you to block specific sites and also filter them on a content base. Launching the instance using roles and user data, Captive Portal bypass for Apple updates and Chromebook authentication, 1. This recipe explains how to use a static URL filter to block access to Facebook and its subdomains. By the way, I am just thinking, maybe it would be possible with the application control feature, but I'm not enough into it to tell you that exactly. Enabling endpoint control on the FortiGate, 2. Importing the local certificate to the FortiGate, 6. Technical Tip: How to block all, except some URLs. To block Facebook, go to Static URL filter, select URL Filter, and then click Create. For Layer 4 virtual servers, FortiADC blocks access when the first TCP SYN packet arrives. set action deny. Configuring Single Sign-On on the FortiGate. Configuring the IPsec VPN using the IPsec VPN Wizard, 2. Adding the Web Filter profile to the Internet access policy, 2. Configuring and assigning the password policy, 3. Under Security Profiles, enable Web Filter and select the default web filter profile. For example: www.fortinet.com - URL: fortinet.com - URL: fortinet.com/support Create the SSID and set up authentication, WiFi using FortiAuthenticator RADIUS with Certificates, 1. Adding web filtering to a security policy, WiFi RADIUS authentication with FortiAuthenticator, 1. During testing only one of the 2 web sites was allowed. Enabling the Cooperative Security Fabric, 7. Adding security policies for access to the Internet and internal network, SSO using a FortiGate, FortiAuthenticator, and DC Polling (Expert), 3. The most common mistake it to create a "Domain" policy to block most malicious stuff (like certain ports and/or application) then create a RDS policy that only have white-lists of websites but allowing or ignoring the "Domain" policies for RDS servers.then the RDS servers become a backdoor ??. So, first interaction here, so if more is needed, or if I am doing something wrong, I am open to suggestions or guidance with forum ettiquette. Adding virtual wire pair firewall policies, Enforcing network security using a FortiClient Profile, 5. Flashback: March 3, 1971: Magnavox Licenses Home Video Games (Read more HERE.) Creating a policy that denies mobile traffic. Configuring RADIUS EAP on FortiAuthenticator, 4. Creating a default route for the WAN link interface, 6. Configuring an interface dedicated to FortiAP, 7. Configuring RADIUS client on FortiAuthenticator, 5. So we are thinking on restricting everything except these https requests from an app that was given URL by IBM cloud in the form of: "myFancyApp.mybluemix.net." Creating a local CA on FortiAuthenticator, 2. Configuring the root VDOM for FortiGate management, You cannot create new web filter profiles, You configured web filtering, but it is not working, You configured DNS Filtering, but it is not working, FortiGuard has the wrong categorization for a website, The website categorization on your FortiGate does not match the FortiGuard categorization, An active FortiGuard web filter license displays as expired/unreachable, Using URL Filters in conjunction with FortiGuard Categories is not working, 2. Installing and configuring the Marketing FortiGate, 4. Configuring local user on FortiAuthenticator, 6. 03:22 AM This recipe explains how to block access to social media websites Chosen Solution. Connecting to the IPsec VPN from the Windows Phone 10, 1. Configuring RADIUS EAP on FortiAuthenticator, 4. Logs from a FortiAnalyzer, FortiManager, or from FortiCloud do not appear in the GUI. (Optional) Adding security profiles to the fabric, Integrating a FortiGate with FortiClient EMS, 2. Creating a schedule for part-time staff, 4. Creating a security policy for WiFi guests, 4. Consult this blog post to determine whether to use FortiGuard categories or a Static URL Filter to control your internal network's access to websites. HTTPS is automatically applied to facebook.com, even if it is not entered in the address bar. Creating the Microsoft Azure local network gateway, 7. Stay with us! Click on "Add Site". Configure FortiGate to use the RADIUS server, 4. Creating a firewall address for L2TP clients, 5. 03:21 AM Configuring the certificate for the GUI, 4. the same traffic. Go to System > Feature Select to enable the Web Filter feature. Cause we are concerned about security of server data, and the person managing firewall said second option may not be sufficiently secure and we would really like to have first option - blocking and filtering connection INCOMING to intranet. Requesting and installing a server certificate for FortiOS, 2. Welcome to the Snap! To move a policy up or down, click and drag the far-left column of the policy. 05:01 AM. Creating a Microsoft Azure Site-to-Site VPN connection. Creating a custom application signature, 3. Enforcing FortiClient registration on the internal interface, 4. Integrating the FortiGate with the FortiAuthenticator, 3. By Open the WebBlock window, as shown in Step 5 above. ; Select the Block malicious websites checkbox. Adding a firewall address for the local network, 4. Creating users on the FortiAuthenticator, 3. Configuring the IPsec VPN using the Wizard, 2. Attempt to visit a social networking site such as facebook.com, twitter.com, or meetup.com. Anthony_E. Hi Team, If exempt is only needed from Fortiguard filtering then '. I'm excited to be here, and hope to be able to contribute. Specifically outlook. Configuring sandboxing in the default Web Filter profile, 5. Fortinet Community Knowledge Base FortiGate Technical Tip: How To block all the web sites whil. Adding virtual wire pair firewall policies, Enforcing network security using a FortiClient Profile, 5. The IT security of the company is managed by a different IT technical support company and they are using FortiGate 90e firewall. I'll contact FortiNet support again I'm just not confident in the agent I worked with providing a proper resolution. Adding web filtering to a security policy, WiFi RADIUS authentication with FortiAuthenticator, 1. Adding FortiAnalyzer to a Security Fabric, 5. Setting the FortiGate unit to verify users have current AntiVirus software, 7. We now automatically block adult content in their web browsers, and if your kids are very young, you can allow them to access only specific web sites that you want them to see. Creating the DNS Filter Profile and enabling Botnet C&C database, 3. (Optional) Setting the FortiGate's DNS servers, 5. FortiPortal - Service Provider Admin Portal; 13. What's New in FortiAnalyzer 7.2.0; 10. It seems sometimes I can give devices full internet access, setup their outlook profile and kick them back over to this more restricted access and the outlook continues to work for several months. Connecting and authorizing the FortiAP, Captive portal WiFi access with a FortiToken-200, 2. Creating a Microsoft Azure Site-to-Site VPN connection. The pre-shared key does not match (PSK mismatch error). Creating a user group for remote users, 2. This way you don't need to use a web filter at all. Give the policy a name that identifies its use. 05:50 AM. Background. Verifying your Internet access security policy, Logging FortiGate traffic and using FortiView, 3. I wanted to know if i can remote access this machine and switch between os or while rebooting the system I can select the specific os. Applying the profile to a security policy, 1. Creating a policy that denies mobile traffic. I have a Fortigate 40C with FortiOS v4 patch 11, and I want to make a security profile that blocks all websites except hotmail and gmail because we need access to our email. Enable HTTPS traffic. We tried to block connection based on IP, but since the app is hosted in the cloud IPs can change, we were given IP ranges by IBM, but they don't even match the IP of request of the app. Configuring the SSL VPN web portal and settings, 4. Configuring FortiAP-2 for mesh operation, 8. Allowing wireless access to the Internet, Site-to-site IPsec VPN with two FortiGates, SSL VPN for users with passwords that expire, 1. This article provides an example of how to block all websites, whilst allowing only one. Exporting user certificate from FortiAuthenticator, 9. By Configuring and assigning the password policy, 3. If this doesn't work because unfortunately on the IPv4 policy you can't have wildcard FQDNs, then I would have the IT guy make a web filter. Why do you want to know this information? SSL VPN Web Mode for Remote Users; 6. Changing the FortiGate's operation mode, 2. Configuring user groups on the FortiGate, 7. Configuring the FortiGate's DMZ interface, 1. Adding endpoint control to a Security Fabric, 7. Connecting and authorizing the FortiAP unit, 4. Installing FSSO agent on the Windows DC server, 3. Creating a user group on the FortiGate, Single Sign-On using FSSO agent in advanced mode and FortiAuthenticator (Expert), 1. Set Incoming Interface to the internal network and set Outgoing Interface to the Internet-facing interface. Storing configuration and license information, 3. 8.1k views 7 slides Fortigate Training NCS Computech Ltd. 31.7k views 280 slides FortiGate Firewall HOW-TO - DMZ Created on 02:18 AM. Configuring the SSID to RADIUS authentication, WiFi with WSSO using Windows NPS and Attributes, 1. How do these priorities affect each other? The next thing to do is to allow Google Docs and Google Drive. The FortiGate units performance level has decreased since enabling disk logging. Thanks for responding. Go to FortiView > Websites and select the 5 minutes view. Creating the LDAPS Server object in the FortiGate, 1. I haven't had any issues using it at all. Creating a local service certificate on FortiAuthenticator, 3. Configuring FortiGate to use the RADIUS server, 5. But it feels too fragile. Creating the DNS Filter Profile and enabling Botnet C&C database, 3. Adding security policies for access to the internal network and Internet, 6. Enabling logging in your Internet access security policy, 2. I have been testing various IPv4 policies with Address groups of FQDN's for the allowed list. Creating a custom application signature, 3. Creating the SSL VPN user and user group, 2. 04:53 AM. (Optional) Restricting administrative access to a trusted host, FortiToken two-factor authentication with RADIUS on a FortiAuthenticator, 1. Go to Policy & Objects > IPv4 Policy, and click Create New. IPsec VPN two-factor authentication with FortiToken-200, 3. Can anyone please kindly guide us through making that nice helpful person through configuring his Fortigate 90e firewall to allow our app to communicate through firewall with that server and block everything else in the world ? I don't know yet if I can make use of this, and if it works, but it most definitely answers the question I asked. Configuring a traffic shaper to limit bandwidth, 4. Before that we tried IP restriction, but because it is a cloud app, we don't have a guaranteed static IP address, it keeps changing. And what are the pros and cons vs cloud based? To move a policy up or down, click and drag the far-left column of the policy. I know how to create the objects and address group for the farm. Anthony_E, This article explains how to exempt or block the access to website using the URL filter feature.Solution. Adding a user account to FortiToken Mobile, 4. Installing a FortiGate in NAT/Route mode, 2. Configuring the backup FortiGate for HA, 7. Exporting user certificate from FortiAuthenticator, 9. Copyright 2023 Fortinet, Inc. All Rights Reserved. We are trying to figure out how to explain firewall administrator how to configure his managed firewall. Configuring an interface dedicated to FortiAP, 7. The app is making a GET request and server sends back data in JSON format. He had turned it off for 5 minutes and we could connect. I am staging a Configuring Single Sign-On on the FortiGate, Single Sign-On using LDAP and FSSO agent in advanced mode (Expert), 1. Creating the RADIUS Client on FortiAuthenticator, 4. It's sole purpose is to respond to HTTP GET requests for resources from an app located in the cloud which has been given a URL like "myApp.mybluemix.net" and can be reached on that address. (Optional) Setting the FortiGate's DNS servers, 3. Create an SSID with dynamic VLAN assignment, 2. Configuring a traffic shaper to limit bandwidth, 4. The Web Filter module must be installed before you can enable Block malicious websites.. On the Malware Protection tab, select the settings icon. 1. Configuring a user group on the FortiGate, 6. We need this server locked down and blocked from any incoming connections except one app located at"myFancyApp.mybluemix.net" making https GET requests to retrieve data in JSON format on that server on various URIs with the help ofFortigate 90e firewall through which all of this communication is happening. One such group can contain up to 600 IPs, although the limit will vary between . Enabling and enforcing FortiHeartBeat on the FortiGate, 4. Adding the default profile to a security policy, 1. Importing the LDAPS Certificate into the FortiGate, 3. It's especially effective at preventing malware downloads from malicious or hacked websites. About Press Copyright Contact us Creators Advertise Developers Terms Privacy Policy & Safety How YouTube works Test new features NFL Sunday Ticket Press Copyright . You can make it possible with static URL filter option in FortiGate. message appears. Follow Advertisement Recommended Fortigate Firewall How to - DLP IPMAX s.r.l. Hope this helps. Blocking Tor traffic in Application Control using the default profile, 3. DescriptionThis article explains how to use Web-filter to create a white list of HTTP(S) resource, and block rest of the sites. After LastPass's breaches, my boss is looking into trying an on-prem password manager. Configuring Windows 7 wireless profile to use certificate, WiFi with WSSO using FortiAuthenticator RADIUS and Attributes, 1. The Web Filter module must be installed before you can enable Block malicious websites. Deleting security policies and routes that use WAN1 or WAN2, 5. Configuring the IPsec VPN using the Wizard, 2. You might be able to find these by googling. Creating a security policy for wireless traffic, Make it a policy to learn before configuring policies. Logs from a FortiAnalyzer, FortiManager, or from FortiCloud do not appear in the GUI. Thank you, that worked great! Confirm this by viewing policies By Sequence. Specifying the Microsoft Azure DNS server, 3. Configuring the root VDOM for FortiGate management, You cannot create new web filter profiles, You configured web filtering, but it is not working, You configured DNS Filtering, but it is not working, FortiGuard has the wrong categorization for a website, The website categorization on your FortiGate does not match the FortiGuard categorization, An active FortiGuard web filter license displays as expired/unreachable, Using URL Filters in conjunction with FortiGuard Categories is not working, 2. You can block every website by adding <all_urls> to the blocked websites policy. Creating a new CA on the FortiAuthenticator, 4. Installing and configuring the Marketing FortiGate, 4. Configuring the certificate for the GUI, 4. Steps to unblock websites 1. Feature comparison of standalone and managed modes, Feature comparison of FortiClient Windows, macOS, and Linux, Improved FortiSandbox Detection techniques, FortiClient installs and runs as a 64-bit process on 64-bit platforms, FortiGate and FortiClient Compliance profiles, FortiGate compliance and FortiClient setups, Where to download FortiClient installation files, Installing FortiClient on infected systems, Installing FortiClient as part of cloned disk images, Deploying FortiClient using Microsoft AD servers, Using Microsoft AD to uninstall FortiClient, Retrieving user details from cloud applications, Adding phone number and email address manually, Connecting FortiClient Telemetry after installation, Connecting FortiClient Telemetry manually, On-net/off-net status with FortiGate and EMS, Blocking known attack communication channels, Submitting files to FortiGuard for analysis, Viewing FortiClient engine and signature versions, Enabling and disabling exploit prevention, Viewing applications protected from exploits, Evaluating the anti-exploit detection feature, Checking FortiClient authorization for FortiSandbox scanning, Configuring submission, access, and remediation, Examples of FortiSandbox availability and scanning results, Managing the Sandbox Detection exclusion list, Submitting quarantined files for scanning, Automatically fixing detected vulnerabilities, Reviewing detected vulnerabilities before fixing, Save password, auto connect, and always up, Access to certificates in Windows Certificates Stores, Connecting VPNs before logging on (AD environments), Creating priority-based SSL VPN connections, Backing up or restoring full configuration files, Sending logs to FortiAnalyzer or FortiManager, To configure an action for all websites categorized as security risks, click the icon beside, To configure an action for security risk subcategories, click the icon beside the desired subcategory and select. 05:24 AM. "myFancyApp.mybluemix.net" Specifying the Microsoft Azure DNS server, 3. Creating an SSID with RADIUS authentication, WiFi with WSSO using Windows NPS and FortiGate Groups. Creating a guest SSID that uses Captive Portal, 3. Importing user certificate into Windows 7, 10. How to Block Websites in Fortigate Firewall. As for RDP port, this is not an issue as this is only available internally via an S2S VPN tunnel between the customers location and the hosted data center. Configuring Static Domain Filter in DNS Filter Profile, 4. It is a REST API https connection. Installing FSSO agent on the Windows DC, 4. Scroll down to the Social Networking subcategory and right-click again. I have a whitelist address group in my firewall for troublesome websites that don't load nicely with filtering enabled, I have one address group I add all the whitelisted addresses to, some are IP's, some are domains. Configuring the IPsec VPN using the IPsec VPN Wizard, 2. Editing the security policy for outgoing traffic, 5. Verify that you can connect to the gateway provided by your ISP. Configuring the IPsec VPN using the IPsec VPN Wizard, 1. Configuring sandboxing in the default Web Filter profile, 5. Filtering service is required. Anyone have suggestions on how this should be configured? Switch from the Allowlist mode to the Block list mode. Creating a web filter profile and an override, 4. Created on Web filtering with FortiGuard categories allows you to take action against a group of websites, whereas a Static URL Filter is intended to block or monitor specific URLs. I realized I messed up when I went to rejoin the domain (Optional) Upgrading the firmware for the HA cluster, Inspecting traffic content using flow-based inspection, 1. Switching to VDOM mode and creating two VDOMs, 2. Storing configuration and license information, 3. First of all, make sure your outbound web policies have Web Filtering enabled, and that your web filter profile has a healthy . Creating a new CA on the FortiAuthenticator, 4. 1. The following CLI commands also assume that the address and service objects have already been created for your WAN IP, for the countries you want to block, for your SSLVPN and management services, and that the WAN interface is wan1. ] . Adding the new web filter profile to a security policy, 1. Using virtual IPs to configure port forwarding, 1. I had to remove the machine from the domain Before doing that . DNS Opt 2: Remove DNS entries from the machines and put the Hosts you need in the hosts file. Connecting to the IPsec VPN from iPhone, 2. Enabling endpoint control on the FortiGate, 2. Create a web filter security policy where you can setup website blocking and exemptions and attach that security policy to a firewall policy. Our app is hosted in IBM Cloud and it has public url it uses for communication. The options to configure policy-based IPsec VPN are unavailable. Editing the default Web Application Firewall profile, 3. (Optional) Upgrading the firmware for the HA cluster, Inspecting traffic content using flow-based inspection, 1. Set Type to Wildcard, set Action to Block, and set Status to Enable. The blocked social networking sites are listed in the Domain column. Created on Configuring user groups on the FortiGate, 7. Go to Security Profiles > Application Control and view the default profile. Creating a DNS Filtering firewall policy, 2. A FortiGuard Web Page Blocked! Creating a firewall address for L2TP clients, 5. Configuring sandboxing in the default FortiClient profile, 6. Edited on Creating a policy for part-time staff that enforces the schedule, 5. Created on Adding the new web filter profile to a security policy, 1. 07-06-2018 Please have a look at sample profile: The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.. Check the FortiGate interface configurations (NAT/Route mode only), 5. By default, the Local-In policy allows access to all addresses but you can create address groups to block specific IPs. Creating Security Policy for access to the internal network and the Internet, 6. Importing and signing the CSR on the FortiAuthenticator, 5. Installing FSSO agent on the Windows DC server, 3. (Optional) Importing Endpoint Profiles into FortiClient EMS, 3. Confirm this under Policy & Objects > IPv4 Policy by viewing policies By Sequence. Creating a security policy for remote access to the Internet, 4. (Optional) Adding security profiles to the fabric, Integrating a FortiGate with FortiClient EMS, 2. Configuring the Microsoft Azure virtual network, 2. Customizing the captive portal login page, 6. set srcaddr "Blocked Countries". Add the RADIUS server to the FortiGate configuration, 3. Creating the Microsoft Azure virtual network gateway, 4. FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic. FortiGuard is particularly effective because it uses both hardware and software controls to block content. To rephrase the explanation here - it is webserver hosting data and displaying it in JSON format as REST api. Connecting and authorizing the FortiAP, Captive portal two-factor authentication with FortiToken Mobile, 2. 07-10-2018 Creating a policy to allow traffic from the internal network to the Internet, Installing internal FortiGates and enabling Security Fabric, 1. Exporting the LDAPS Certificate in Active Directory (AD), 2. Verify that you can connect to the gateway provided by your ISP. Who knows about blocking websites those days? 07:10 AM Logging to a FortiAnalyzer unit is not working as expected. Creating a local CA on FortiAuthenticator, 2. 07-09-2018 Anthony_E. Creating an application profile to block P2P applications, 6. Creating the FortiGate firewall policies, 9. Installing FSSO agent on the Windows DC, 4. Solution Normal behavior would be to have some entries with allowed status and one wildcard '*' with block. Or is the whitelist web filter only for outgoing http requests ? Creating a policy to allow traffic from the internal network to the Internet, Installing a FortiGate in Transparent mode, 1. I haven't added any wildcards other than what it came with from Fortinet. Go to System > Feature Select to enable the Web Filter feature. Also, you can temporarily disable AppCrypt's website blocking feature by clicking Disable WebBlocker. Using the default Application Control profile to monitor network traffic, 3. And: It is a REST API https connection. Edited on 07-25-2022 Creating the FortiGate firewall policies, 9. Setting up an internal network with a managed FortiSwitch, 6. Technical Tip: How to block all, except some URLs Description This article explains how to use Web-filter to create a white list of HTTP (S) resource, and block rest of the sites. Pre-existing IPsec VPN tunnels need to be cleared. Connecting the FortiGate to the RADIUS Server, 2. 05:48 AM and what do you see in the web browser. Using virtual IPs to configure port forwarding, 1. Blocking Facebook with Web Filtering. Configuring a remote Windows 7 L2TP client, 3. Applying AntiVirus and Web Filter scanning to network traffic, 1. Editing the user and assigning the FortiToken, Configuring ADVPN in FortiOS 5.4 - Redundant hubs (Expert), Configuring ADVPN in FortiOS 5.4 (Expert), Configuring LDAP over SSL with Windows Active Directory, 1. Importing and signing the CSR on the FortiAuthenticator, 5. Copyright 2023 Fortinet, Inc. All Rights Reserved. Creating the LDAPS Server object in the FortiGate, 1. Is there a way i can do that please help. Importing the local certificate to the FortiGate, 6. Go to Security Profiles > Web Filter and edit the default Web Filter profile. edit 1. set intf "wan1". If: Enabling the DNS Filter Security Feature, 2. Does anyone have any clue or scripting links/examples on how to make the URI resources hosted by that server accessible only to the app that has URL: "myFancyApp.mybluemix.net" ? Configuring FortiGate to use FortiAuthenticator as the RADIUS server, 5. Configuring sandboxing in the default AntiVirus profile, 4. Created on For Windows, macOS, and Linux profiles, you must enable FortiProxy (Disable Only When Troubleshooting) on the System Settings tab to use the Web Filter options. C:\Windows\System32\drivers\etc Step 2: Choose Properties and tap on the Users tab. 02:06 AM. Enabling the DNS Filter Security Feature, 2. Then, to add the 1 website that you are permitting, you would add that to the website filter exceptions list. FortiClient can block webpages outside of web filtering. Checking cluster operation and disabling override, 2. Web filtering with FortiGuard categories allows you to take action against a group of websites, whereas a Static URL Filter is intended to block or monitor specific URLs. Defining a device using its MAC address, 4. He had firewall on and app couldn't connect. One way to block attacks against a FortiGate device that has an IPSec VPN service enabled is via configuring a Local-In policy. Register the FortiGate as a RADIUS client on the FortiAuthenticator, 3. Confirm that the FortiGuard category based filter is enabled. Registering the FortiGate as a RADIUS client on NPS, 4. Creating the Web filtering security policy, Blocking social media websites using FortiGuard categories, 3. Configuring Windows 7 wireless profile to use certificate, WiFi with WSSO using FortiAuthenticator RADIUS and Attributes, 1. symbol means: match the same or different character than the one before the symbol, but is followed by the rest of the sentence.For example:'fortinet.com' will match 'fortinetacom', 'fortinetbcom', 'fortinetzcom'Configuring a URL filter:GUI:1) Go to Security Profiles -> Web Filter.2) Select a web filter to edit.3) Under Static URL Filter, enable URL Filter, and select Create New.4) Enter the URL, without the http, for example: www.example*.com5) Select a Type: Simple , Regular Expression, or Wildcard.