Whitelisting PhishGuard in Fortinet FortiGate

Whitelisting PhishGuard in Fortinet FortiGate

Fortinet's FortiGate web filter can be configured to allow access to PhishGuard phish and landing domains. We recommend whitelisting PhishGuard in Fortigate's web filter if your users experience issues accessing our landing pages (upon failing a phishing test).

In this article, we will discuss:

• Whitelisting by static URL filter

Whitelisting by Static URL Filter

You can allow access to our phishing domains by adding them to your Static URL Filter list in your Fortigate firewall. The FortiGate web filter allows web pages matching the URLs you specify. 

Whitelisting with web rating overrides is another method of whitelisting offered by Fortinet. This method is for organizations using Fortiguard categories. For more information on this method, please see Fortinet's Web rating override article.

1. First, navigate to the List of Domains and IPs, and find the Domains table that has a list of our Phishing Scenario Domains.
2. Log in to your Fortinet account.
3. Navigate to Security Profiles > Web Filter.
4. Create a new web filter or select one to edit.
5. Expand Static URL Filter, enable URL Filter, and select Create.
6. Enter the URLs, without the “https”. For example, www.example.com, enter each phishing domain in Step 1.
7. Select Type: Simple
8. Select the Action to take against matching URLs: Allow
9. Confirm that Status is enabled.

After following this article, we recommend setting up a test phishing campaign for 1-2 users to ensure your whitelisting was successful. 

Article Ref: FortiGate's Static URL Filter article