Fortinet black logo

Cookbook

Home FortiGate / FortiOS 5.4.0 Cookbook

Web filtering using quotas

5.4.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.0
6.0.0
5.6.0
5.4.0
Copy Link
Copy Doc ID 598118ae-ea1f-11e9-8977-00505692583a:898834
Download PDF

Web filtering using quotas

This recipe demonstrates how to set up a web filter security profile with a quota that dynamically limits the amount of time users on an internal network can access websites categorized as "General Interest". An active license for FortiGuard Web filtering Services is required to use web filtering with quotas.

You can also apply quotas to specific users on your network by creating granular policies that apply different quotas to different user groups using specific firewall addresses or needing authentication.

See User and device authentication for information about creating user accounts.

1. Enabling web filtering

Go to System > Feature Select and confirm that Web Filter is ON. If necessary, click Apply to make your changes.

2. Creating a web filter profile that uses quotas

Go to Security Profiles > Web Filter. Edit the default profile and enable FortiGuard category based filter.

Right-click on the category General Interest – Personal and select Monitor. Do the same for the category General Interest – Business.

These categories include a variety of sites that are commonly blocked in the workplace, such as games, instant messaging, and social media. For a complete description of each web filtering category, visit the FortiGuard Web Filtering page.

Under Category Usage Quota, select Create New.

Select both General Interest – Personal and General Interest – Business. For testing purposes, set the Quota to 5 Minutes.

The web filter now displays all the General Interest sub-categories and the applied quota.

3. Adding web filtering to a security policy

Go to Policy & Objects > IPv4 Policy and edit the policy that allows connections from the internal network to the Internet.

Under Security Profiles, turn on Web Filter and use the default profile.

Note: If you are applying quotas to specific users or devices, edit Source Address to apply the policy only to them.

4. Results

Browse to www.ebay.com, a website in the General Interest – Personal category.

Access to the website is allowed for 5 minutes, after which time a "web page blocked" message appears. The message appears each time users affected by the security policy try to access General Interest sites until the quota is reset (every 24 hours at midnight).

Go to FortiView > Threats and select the 5 minutes view. You can see the blocked traffic.

For further reading, check out Blocking social media websites using FortiGuard categories, Blocking Facebook with Web Filtering, and FortiGuard Web Filtering Service in the FortiOS 5.4 Handbook.

Previous
Next

Web filtering using quotas

This recipe demonstrates how to set up a web filter security profile with a quota that dynamically limits the amount of time users on an internal network can access websites categorized as "General Interest". An active license for FortiGuard Web filtering Services is required to use web filtering with quotas.

You can also apply quotas to specific users on your network by creating granular policies that apply different quotas to different user groups using specific firewall addresses or needing authentication.

See User and device authentication for information about creating user accounts.

1. Enabling web filtering

Go to System > Feature Select and confirm that Web Filter is ON. If necessary, click Apply to make your changes.

2. Creating a web filter profile that uses quotas

Go to Security Profiles > Web Filter. Edit the default profile and enable FortiGuard category based filter.

Right-click on the category General Interest – Personal and select Monitor. Do the same for the category General Interest – Business.

These categories include a variety of sites that are commonly blocked in the workplace, such as games, instant messaging, and social media. For a complete description of each web filtering category, visit the FortiGuard Web Filtering page.

Under Category Usage Quota, select Create New.

Select both General Interest – Personal and General Interest – Business. For testing purposes, set the Quota to 5 Minutes.

The web filter now displays all the General Interest sub-categories and the applied quota.

3. Adding web filtering to a security policy

Go to Policy & Objects > IPv4 Policy and edit the policy that allows connections from the internal network to the Internet.

Under Security Profiles, turn on Web Filter and use the default profile.

Note: If you are applying quotas to specific users or devices, edit Source Address to apply the policy only to them.

4. Results

Browse to www.ebay.com, a website in the General Interest – Personal category.

Access to the website is allowed for 5 minutes, after which time a "web page blocked" message appears. The message appears each time users affected by the security policy try to access General Interest sites until the quota is reset (every 24 hours at midnight).

Go to FortiView > Threats and select the 5 minutes view. You can see the blocked traffic.

For further reading, check out Blocking social media websites using FortiGuard categories, Blocking Facebook with Web Filtering, and FortiGuard Web Filtering Service in the FortiOS 5.4 Handbook.

Previous
Next