URL Filtering From Branch Firewall to ZIA

Hello Community,
We are in the process of eliminate one of our office Fortigate firewalls while deploying ZIA.
Our main concern is about ZIA Capabilities for URL Filtering. On current Fortigate we have several rules per AD group of users for different web resources, i.e., financial users access to PayPal, marketing users access to Facebook, and so on.

Are we able to reproduce those access, the same way that we currently have in our Fortigate? We use Azure AD.
If so, the way to do it is thru the URL Filtering section in ZIA portal? I read somewhere that Cloud App Control was recommended over URL Filtering.

Also, we are planning to use Z-Tunnel 2.0, any peculiarities because of that?

Thank you all!!

Hello Xavier,

yes, basically you can create URL filtering rules and configure them to be applied e.g. to dedicated AAD-groups OR AAD-users OR AAD-departments (assuming you use these attributes and have a working SAML/SCIM sync). Additional “and”-linkage would be locations, protocols, request methods, time, devices, etc.

You can do the nearly same (without the strict AND/OR requirements) for “Cloud App Control Policies”.

All this is configured in ZIA, Policy, URL & Cloud App Control. For more please check:


1 Like

Thank you so much Manuel for the assistance !!

1 Like