FortiGuard filter of webfilter

To use this service, you must have a valid subscription on your FortiGate.

FortiGuard filter enhances the web filtering features supplied with your FortiGate unit by sorting billions of web pages into a wide range of categories that users can allow or block.

The FortiGuard web filtering service includes over 45 million individual website ratings that apply to more than two billion pages. When the FortiGuard filter is enabled in a webfilter profile and that profile is applied to firewall policies, any request for a web page in traffic controlled by one of those policies causes the URL to be sent to the nearest FortiGuard server, which returns the URL's category or rating. If the category is blocked, the FortiGate shows a replacement message in place of the requested page. If the category is not blocked, the page request is sent to the requested URL as normal.

FortiGuard webfilter action

You can select one of the following FortiGuard webfilter actions:

| FortiGuard webfilter action | Description |
| --- | --- |
| Allow | Permit access to the sites in the category. |
| Block | Prevent access to the sites in the category. Users trying to access a blocked site see a replacement message indicating the site is blocked. |
| Monitor | Permits and logs access to sites in the category. You can enable user quotas when you enable this action. |
| Warning | Displays a message to the user allowing them to continue if they choose. |
| Authenticate | Requires the user to authenticate with the FortiGate before allowing access to the category or category group. |

FortiGuard webfilter categories

FortiGuard has many webfilter categories including two local categories and a special remote category. For more information on the different categories, see the table below.

| FortiGuard webfilter category | Where to find more information |
| --- | --- |
| All URL categories | https://fortiguard.com/webfilter/categories |
| Remote category | External resources for webfilter on page 329. |

The priority of categories is local category > external category > FortiGuard built-in category. If a URL is configured in a local category, it follows only the behavior of the local category and not that of the external or FortiGuard built-in category.

Sample configuration of blocking a web category

This example shows blocking a website based on its category (rating), for example, information technology.

To block a category in the GUI:

  1. Go to Security Profiles > Web Filter and go to the FortiGuard category based filter.
  2. Open the General Interest - Business section by clicking the + icon beside it.
  3. Select Information Technology and then select Block.

To block a category in the CLI:

    config webfilter profile
        edit "webfilter"
            config ftgd-wf
                unset options
                config filters
                    edit 1
                        set category 52    <-- the preset ID of the "Information Technology" category
                        set action block   <-- set the action to block
                    next
                end
            end
        next
    end

To validate that you have blocked a category:

  1. Go to a website belonging to the blocked category, for example, www.fortinet.com. You see a blocked page that shows the category that is blocked.

To view the log of a blocked website in the GUI:

  1. Go to Log & Report > Web Filter.

To view the log of a blocked website in the CLI:

    FGT52E-NAT-WF # execute log filter category utm-webfilter
    FGT52E-NAT-WF # execute log display

    1: date=2019-04-22 time=13:46:25 logid="0316013056" type="utm" subtype="webfilter" eventtype="ftgd_blk" level="warning" vd="vdom1" eventtime=1555965984972459609 policyid=1 sessionid=659263 srcip=10.1.200.15 srcport=49234 srcintf="wan2" srcintfrole="wan" dstip=54.183.57.55 dstport=80 dstintf="wan1" dstintfrole="wan" proto=6 service="HTTP" hostname="www.fortinet.com" profile="webfilter" action="blocked" reqtype="direct" url="/" sentbyte=386 rcvdbyte=0 direction="outgoing" msg="URL belongs to a denied category in policy" method="domain" cat=52 catdesc="Information Technology"
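
For reviewing exported web filter logs off-box, the following added example (not part of the original guide or of FortiOS) parses the key=value log format shown above and counts FortiGuard category blocks per source IP and category. The first sample line is the entry above, abridged; the other two are constructed for this example, and the eventtype and action values in the third are assumptions.

```python
import re
from collections import Counter

# Log fields are key=value; values are double-quoted or bare tokens.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Logs copied from web pages often carry typographic quotes; map them back.
STRAIGHTEN = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2033": '"'})

def parse_line(line):
    """Return the key=value fields of one log line as a dict of strings."""
    line = line.translate(STRAIGHTEN)
    return {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}

def category_blocks(lines):
    """Count FortiGuard category blocks per (source IP, category name)."""
    hits = Counter()
    for line in lines:
        f = parse_line(line)
        if f.get("subtype") == "webfilter" and f.get("eventtype") == "ftgd_blk":
            hits[(f.get("srcip"), f.get("catdesc"))] += 1
    return hits

# Line 1: the log entry from this page, abridged.
# Lines 2 and 3: constructed sample data (line 2 uses typographic quotes on purpose).
SAMPLE = [
    '1: date=2019-04-22 time=13:46:25 logid="0316013056" type="utm" '
    'subtype="webfilter" eventtype="ftgd_blk" level="warning" vd="vdom1" '
    'policyid=1 srcip=10.1.200.15 hostname="www.fortinet.com" action="blocked" '
    'msg="URL belongs to a denied category in policy" cat=52 catdesc="Information Technology"',
    '2: date=2019-04-22 time=13:47:02 type=”utm” subtype=”webfilter” eventtype=”ftgd_blk” '
    'srcip=10.1.200.16 hostname=”www.example.com” action=”blocked” cat=52 catdesc=”Information Technology”',
    '3: date=2019-04-22 time=13:48:10 type="utm" subtype="webfilter" eventtype="ftgd_allow" '
    'srcip=10.1.200.15 hostname="www.example.org" action="passthrough" catdesc="Constructed Category"',
]

if __name__ == "__main__":
    for (srcip, category), count in category_blocks(SAMPLE).most_common():
        print(f"{srcip}\t{category}\t{count}")
```
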

Sample configuration of issuing a warning

This example shows issuing a warning when a user visits a website based on its category (rating), for example, information technology.

To configure a warning in the GUI:

  1. Go to Security Profiles > Web Filter and go to the FortiGuard category based filter.
  2. Open the General Interest - Business section by clicking the + icon beside it.
  3. Select Information Technology and then select Warning.
  4. Set the Warning Interval which is the interval when the warning page appears again after the user chooses to continue.

To configure a warning in the CLI:

    config webfilter profile
        edit "webfilter"
            config ftgd-wf
                unset options
                config filters
                    edit 1
                        set category 52
                        set action warning  <-- set action to warning
                    next
                end
            end
        next
    end

To validate that you have configured the warning:

  1. Go to a website belonging to the selected category, for example, www.fortinet.com, and you see a warning page where you can choose to Proceed or Go Back.

Sample configuration of authenticating a web category

This example shows requiring authentication for a website based on its category (rating), for example, information technology.

To authenticate a category in the GUI:

  1. Go to Security Profiles > Web Filter and go to the FortiGuard category based filter.
  2. Open the General Interest - Business section by clicking the + icon beside it.
  3. Select Information Technology and then select Authenticate.
  4. Set the Warning Interval which is the interval when the authentication page appears again after authentication.
  5. Click the + icon beside Selected User Group and select a user group. You must have a valid user group to use this feature.

To authenticate a category in the CLI:

    config webfilter profile
        edit "webfilter"
            config ftgd-wf
                unset options
                config filters
                    edit 1
                        set category 52
                        set action authenticate         <-- set the action to authenticate
                        set auth-usr-grp "local_group"  <-- user group to authenticate
                    next
                end
            end
        next
    end

To validate that you have configured authentication:

  1. Go to a website belonging to the selected category, for example, www.fortinet.com. First, you see a warning page where you can choose to Proceed or Go Back.
  2. Click Proceed to check that the authentication page appears.
  3. Enter the username and password of the user group you selected, and click Continue.

If the credentials are correct, the traffic is allowed through.

Sample customization of the replacement page

When the FortiGuard webfilter action is Block, Warning, or Authenticate, a Customize option lets you customize the replacement page.

To customize the replacement page:

  1. Go to Security Profiles > Web Filter and go to the FortiGuard category based filter.
  2. Right-click the item and select Customize.
  3. A pane appears for you to customize the page.

This entry was posted in Administration Guides, FortiGate, FortiOS 6.2.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
