Web filtering example

Web filtering is particularly important for protecting school-aged children. There are legal issues associated with improper web filtering as well as a moral responsibility not to allow children to view inappropriate material. The key is to design a web filtering system in such a way that students and staff do not fall under the same web filter profile in the FortiGate configuration. This is important because the staff may need to access websites that are off-limits to the students.

School district

The background for this scenario is a school district with more than 2300 students and 500 faculty and staff in a preschool, three elementary schools, a middle school, a high school, and a continuing education center. Each elementary school has a computer lab and the high school has three computer labs with connections to the Internet. Such easy access to the Internet ensures that every student touches a computer every day.

With such a diverse group of Internet users, it was not possible for the school district to set different Internet access levels. This meant that faculty and staff were unable to view websites that the school district had blocked. Another issue was the students’ use of proxy sites to circumvent the previous web filtering system. A proxy server acts as a go-between for users seeking to view web pages from another server. If the proxy server has not been blocked by the school district, the students can access the blocked website.

When determining what websites are appropriate for each school, the district examined a number of factors, such as community standards and different needs of each school based on the age of the students.

The district decided to configure the FortiGate web filtering options to block content of an inappropriate nature and to allow each individual school to modify the options to suit the age of the students. This way, each individual school was able to add or remove blocked sites almost immediately and have greater control over their students’ Internet usage.

In this simplified example of the scenario, the district wants to block any websites with the word example on them, as well as the website www.example.com. The first task is to create web content filter lists for the students and the teachers.

To create a web content filter list for the students config webfilter content

edit 5

set name “Student Web Content List” config entries

edit example

set action block set status enable

end

end

It might be more efficient if the Teacher Web Content List included the same blocked content as the student list. From time to time a teacher might have to view a blocked page. It would then be a matter of changing the Action from Block to Allow as the situation required.

To create a web content filter list for the teachers config webfilter content

edit 5

set name “Teacher Web Content List” config entries

edit example

set action exempt set status enable

end

end

URL filter lists with filters to block unwanted web sites must be created for the students and teachers. For this example the URL www.example.com will be used.

To create a URL filter for the students

1. Go to Security Profiles > Web Filter > URL Filter.
2. Select Create New.
3. Enter Student URL List as the URL filter Name.
4. Enter optional comments to describe the contents of the list.
5. Select OK.

The URL filter for the students has been created. Now it must be configured.

6. Select Create New.
7. Enter com in the URL field.
8. Select Simple from the Type
9. Select Block from the Action

10.Select Enable.

11.Select OK.

12.Select OK.

The teachers should be able to view the students’ blocked content, however, so an addition URL filter is needed.

To create a URL filter for the teachers

1. Go to Security Profiles > Web Filter > URL Filter.
2. Select Create New.
3. Enter Teacher URL List as the URL filter Name.
4. Enter optional comments to describe the list.
5. Select OK.

The URL filter for the students has been created. Now it must be configured.

6. Select Create New.
7. Enter example.com in the URL field.
8. Select Simple from the Type
9. Select Exempt from the Action

10.Select Enable.

11.Select OK.

12.Select OK.

A web filter profile must be created for the students and the teachers.

To create a web filter profile for the students

1. Go to Security Profiles > Web Filter > Profiles.
2. Select the Create New icon in the Edit Web Filter window title bar.
3. Enter Students as the Profile Name.
4. Enter optional comments to identify the profile.
5. Expand the Advanced Filter
6. Enable Web Content Filter.
7. Select Student Web Content List from the Web Content Filter drop-down list.
8. Enable Web URL Filter.
9. Select Student URL List from the Web URL Filter drop-down list.

10.Enable Web Resume Download Block.

Selecting this setting will block downloading parts of a file that have already been downloaded and prevent the unintentional download of virus files hidden in fragmented files. Note that some types of files, such as PDFs, are fragmented to increase download speed, and that selecting this option can cause download interruptions with these types.

11.Select OK.

To create a security policy for the students

1. Go to Policy > Policy > Policy.
2. Select Create New.
3. Enable Web Filter.
4. Select Students from the web filter drop-down list.
5. Enter optional comments.
6. Select OK.

 

To create a web filter profile for the teachers

1. Go to Security Profiles > Web Filter > Profiles.
2. Select the Create New icon in the Edit Web Filter window title bar.
3. Enter Teachers as the Profile Name.
4. Enter optional comments to identify the profile.
5. Expand the Advanced Filter
6. Enable Web Content Filter.
7. Select Teacher Web Content List from the Web Content Filter drop-down list.
8. Enable Web URL Filter.
9. Select Teacher URL List from the Web URL Filter drop-down list.

10.Enable Web Resume Download Block.

11.Select OK.

To create a security policy for Teachers

1. Go to Policy > Policy > Policy.
2. Select Create New.
3. Enable Web Filter.
4. Select Teachers from the web filter drop-down list.
5. Enter optional comments.

Select OK.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!