FortiGuard filter of webfilter
To use this service, you must have a valid subscription on your FortiGate.
FortiGuard filter enhances the web filtering features supplied with your FortiGate unit by sorting billions of web pages into a wide range of categories that users can allow or block.
FortiGuard web filtering services include over 45 million individual website ratings that apply to more than two billion pages. When the FortiGuard filter is enabled in a webfilter profile and that profile is applied to firewall policies, any request for a web page in traffic controlled by one of those policies causes the URL to be sent to the nearest FortiGuard server, which returns the URL category or rating. If the category is blocked, the FortiGate shows a replacement message in place of the requested page. If the category is not blocked, the page request is sent to the requested URL as normal.
FortiGuard webfilter action
You can select one of the following FortiGuard webfilter actions:
FortiGuard webfilter Action | Description |
Allow | Permit access to the sites in the category. |
Block | Prevent access to the sites in the category. Users trying to access a blocked site see a replacement message indicating the site is blocked. |
Monitor | Permits and logs access to sites in the category. You can enable user quotas when you enable this action. |
Warning | Displays a message to the user allowing them to continue if they choose. |
Authenticate | Requires the user to authenticate with the FortiGate before allowing access to the category or category group. |
FortiGuard webfilter categories
FortiGuard has many webfilter categories including two local categories and a special remote category. For more information on the different categories, see the table below.
FortiGuard webfilter category | Where to find more information |
All URL categories | https://fortiguard.com/webfilter/categories. |
Remote category | External resources for webfilter on page 329. |
The priority of categories is local category > external category > FortiGuard built-in category. If a URL is configured in a local category, it follows only the behavior of the local category, not that of the external or FortiGuard built-in category.
Sample configuration of blocking a web category
This example shows blocking a website based on its category (rating), for example, information technology.
To block a category in the GUI:
- Go to Security Profiles > Web Filter and go to the FortiGuard category based filter.
- Open the General Interest - Business section by clicking the + icon beside it.
- Select Information Technology and then select Block.
To block a category in the CLI:
config webfilter profile
    edit "webfilter"
        config ftgd-wf
            unset options
            config filters
                edit 1
                    set category 52     <-- the pre-set ID of the "Information Technology" category
                    set action block    <-- set action to block
                next
            end
        end
    next
end
To validate that you have blocked a category:
- Go to a website belonging to the blocked category, for example, www.fortinet.com, and you see a blocked page and the category that is blocked.
To view the log of a blocked website in the GUI:
- Go to Log & Report > Web Filter.
To view the log of a blocked website in the CLI:
FGT52E-NAT-WF # execute log filter category utm-webfilter
FGT52E-NAT-WF # execute log display
1: date=2019-04-22 time=13:46:25 logid="0316013056" type="utm" subtype="webfilter" eventtype="ftgd_blk" level="warning" vd="vdom1" eventtime=1555965984972459609 policyid=1 sessionid=659263 srcip=10.1.200.15 srcport=49234 srcintf="wan2" srcintfrole="wan" dstip=54.183.57.55 dstport=80 dstintf="wan1" dstintfrole="wan" proto=6 service="HTTP" hostname="www.fortinet.com" profile="webfilter" action="blocked" reqtype="direct" url="/" sentbyte=386 rcvdbyte=0 direction="outgoing" msg="URL belongs to a denied category in policy" method="domain" cat=52 catdesc="Information Technology"
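The following is an added example, not part of the original page or Fortinet's own tooling: a Python parser for the key=value log format shown above that counts FortiGuard category blocks per source IP and category. The sample lines are constructed (the first is the page's entry with some fields trimmed) and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample input. The first line is the log entry from the page with
# some fields trimmed; the other two are invented for this example.
SAMPLE_LOGS = [
    'date=2019-04-22 time=13:46:25 logid="0316013056" type="utm" '
    'subtype="webfilter" eventtype="ftgd_blk" level="warning" policyid=1 '
    'srcip=10.1.200.15 hostname="www.fortinet.com" profile="webfilter" '
    'action="blocked" url="/" msg="URL belongs to a denied category in policy" '
    'cat=52 catdesc="Information Technology"',
    'date=2019-04-22 time=13:47:02 type="utm" subtype="webfilter" '
    'eventtype="ftgd_blk" policyid=1 srcip=10.1.200.15 '
    'hostname="docs.example.com" action="blocked" url="/search?q=a=b" '
    'cat=52 catdesc="Information Technology"',
    'date=2019-04-22 time=13:47:10 type="traffic" subtype="forward" '
    'policyid=1 srcip=10.1.200.16 action="accept"',
]

# A field is key=value; the value is a double-quoted string (which may contain
# spaces and '=') or a bare token that ends at the next whitespace.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_log(line):
    """Return the fields of one key=value log line as a dict of strings."""
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}


def blocked_events(lines):
    """Keep only FortiGuard category blocks (eventtype ftgd_blk, action blocked)."""
    events = (parse_log(line) for line in lines)
    return [e for e in events
            if e.get("subtype") == "webfilter"
            and e.get("eventtype") == "ftgd_blk"
            and e.get("action") == "blocked"]


def blocks_by_source(lines):
    """Count blocked requests per (source IP, category description)."""
    return Counter((e.get("srcip", "unknown"), e.get("catdesc", "unknown"))
                   for e in blocked_events(lines))


if __name__ == "__main__":
    for (srcip, category), count in blocks_by_source(SAMPLE_LOGS).most_common():
        print(f"{srcip} {category}: {count} blocked request(s)")
```
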
Sample configuration of issuing a warning
This example shows issuing a warning when a user visits a website based on its category (rating), for example, information technology.
To configure a warning in the GUI:
- Go to Security Profiles > Web Filter and go to the FortiGuard category based filter.
- Open the General Interest - Business section by clicking the + icon beside it.
- Select Information Technology and then select Warning.
- Set the Warning Interval which is the interval when the warning page appears again after the user chooses to continue.
To configure a warning in the CLI:
config webfilter profile
    edit "webfilter"
        config ftgd-wf
            unset options
            config filters
                edit 1
                    set category 52
                    set action warning    <-- set action to warning
                next
            end
        end
    next
end
To validate that you have configured the warning:
- Go to a website belonging to the selected category, for example, www.fortinet.com, and you see a warning page where you can choose to Proceed or Go Back.
Sample configuration of authenticating a web category
This example shows requiring authentication for a website based on its category (rating), for example, information technology.
To authenticate a category in the GUI:
- Go to Security Profiles > Web Filter and go to the FortiGuard category based filter.
- Open the General Interest - Business section by clicking the + icon beside it.
- Select Information Technology and then select Authenticate.
- Set the Warning Interval which is the interval when the authentication page appears again after authentication.
- Click the + icon beside Selected User Group and select a user group. You must have a valid user group to use this feature.
To authenticate a category in the CLI:
config webfilter profile
    edit "webfilter"
        config ftgd-wf
            unset options
            config filters
                edit 1
                    set category 52
                    set action authenticate           <-- set the action to authenticate
                    set auth-usr-grp "local_group"    <-- user group to authenticate
                next
            end
        end
    next
end
To validate that you have configured authentication:
- Go to a website belonging to the selected category, for example, www.fortinet.com. First, you see a warning page where you can choose to Proceed or Go Back.
- Click Proceed to check that the authentication page appears.
- Enter the username and password of the user group you selected, and click Continue.
If the credentials are correct, the traffic is allowed through.
Sample customization of the replacement page
When the FortiGuard webfilter action is Block, Warning, or Authenticate, a Customize option lets you customize the replacement page.
To customize the replacement page:
- Go to Security Profiles > Web Filter and go to the FortiGuard category based filter.
- Right-click the item and select Customize.
- A pane appears for you to customize the page.