Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • EMS Administration Guide

    Home FortiClient 6.0.5 EMS Administration Guide
    6.0.5
    7.4.1
    7.4.0
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.9
    6.4.8
    6.4.7
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.8
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0

    Web Filter

    Web Filter

    For Windows, macOS, and Linux profiles, you must enable FortiProxy (Disable Only When Troubleshooting) on the System Settings tab to use the Web Filter options.

    Configuration

    Description

    Web Filter

    Enable or disable web filtering.

    General

    Client Web Filtering When On-Net

    Enable client web filtering when on-net. Only available for Windows and macOS profiles. This setting affects the Block Access to Malicious Websites setting in AntiVirus Protection.

    Log All URLs

    Enable to log all URLs.

    Log User Initiated Traffic

    Enable to log user initiated traffic.

    Show Bubble Notification When HTTPS Site Is Blocked

    Enable to show a bubble notification when an HTTPS site is blocked.

    Enable Safe Search

    Enable safe search.

    When Safe Search is enabled, the endpoint's Google search is set to Restricted mode, and YouTube access is set to Strict Restricted access. To set YouTube access to Moderate Restricted or Unrestricted YouTube access, you can disable Safe Search and configure Google Search and YouTube access with the Google Admin Console instead of FortiClient EMS.

    Site Categories

    Select to enable site categories from FortiGuard. When site categories are disabled, FortiClient is protected by the exclusion list.

    See the FortiGuard website for descriptions of the available categories and subcategories.

    For all categories below, you can configure an action for the entire site category by selecting one of the following:

    • Block
    • Warn
    • Allow
    • Monitor

    You can also click the + button beside the site category to view all subcategories and configure individual actions (Block, Warn, Allow, Monitor) for each subcategory. Each site category's subcategories are listed below.

    Adult/Mature Content
    • Abortion
    • Advocacy Organizations
    • Alcohol
    • Alternative Beliefs
    • Dating
    • Gambling
    • Lingerie and Swimsuit
    • Marijuana
    • Nudity and Risque
    • Other Adult Materials
    • Pornography
    • Sex Education
    • Sports Hunting and War Games
    • Tobacco
    • Weapons (Sales)

    Bandwidth Consuming
    • File Sharing and Storage
    • Freeware and Software Downloads
    • Internet Radio and TV
    • Internet Telephony
    • Peer-to-peer File Sharing
    • Streaming Media and Download

    General Interest-Business
    • Armed Forces
    • Business
    • Charitable Organizations
    • Finance and Banking
    • General Organizations
    • Government and Legal Organizations
    • Information Technology
    • Information and Computer Security
    • Online Meeting
    • Remote Access
    • Search Engines and Portals
    • Secure Websites
    • Web Analytics
    • Web Hosting
    • Web-based Applications

    General Interest-Personal

    • Advertising
    • Arts and Culture
    • Auction
    • Brokerage and Trading
    • Child Education
    • Content Servers
    • Digital Postcards
    • Domain Parking
    • Dynamic Content
    • Education
    • Entertainment
    • Folklore
    • Games
    • Global Religion
    • Health and Wellness
    • Instant Messaging
    • Job Search
    • Meaningless Content
    • Medicine
    • News and Media
    • Newsgroups and Message Boards
    • Personal Privacy
    • Personal Vehicles
    • Personal Websites and Blogs
    • Political Organizations
    • Real Estate
    • Reference
    • Restaurant and Dining
    • Shopping
    • Social Networking
    • Society and Lifestyles
    • Sports
    • Travel
    • Web Chat
    • Web-based Email

    Potentially Liable

    • Child Abuse
    • Discrimination
    • Drug Abuse
    • Explicit Violence
    • Extremist Groups
    • Hacking
    • Illegal or Unethical
    • Plagiarism
    • Proxy Avoidance

    Security Risk
    • Dynamic DNS
    • Malicious Websites
    • Newly Observed Domain
    • Newly Registered Domain
    • Phishing
    • Spam URLs

    Unrated

    Rate IP Addresses

    Enable to have FortiClient request the rating of the site by URL and IP address separately, providing additional security against attempts to bypass the FortiGuard Web Filter.

    If the rating determined by the domain name and the rating determined by the IP address differ, the Action that is enforced will be determined by a weighting assigned to the different categories. The higher weighted category will take precedence in determining the action. This will have the side effect that sometimes the Action will be determined by the classification based on the domain name and other times it will be determined by the classification that is based on the IP address.

    FortiGuard Web Filter ratings for IP addresses are not updated as quickly as ratings for URLs. This can sometimes cause FortiClient to allow access to sites that should be blocked, or to block sites that should be allowed.

    An example of how this would work would be if a URL's rating based on the domain name indicated that it belonged in the category Lingerie and Swimsuit, which is allowed but the category assigned to the IP address was Pornography which has an action of Block, because the Pornography category has a higher weight the effective action is Block.

    Allow websites when rating error occurs

    Configure the action to take with all websites when FortiGuard is temporarily unavailable. This may occur when an endpoint is forced to access a network via a captive portal. FortiClient takes the configured action until contact is reestablished with FortiGuard. Available options are:

    • Block: Deny access to any websites. This may prevent endpoints from accessing captive portals.
    • Warn: Display in-browser warning to user, with an option to proceed to the website
    • Allow: Allow full, unfiltered access to all websites
    • Monitor: Log the site access

    Exclusion List

    Action

    Select one of the following actions:

    • Allow
    • Block
    • Monitor

    URL

    Enter specific URLs to allow, block, or monitor.

    Type

    Select one of the following types:

    • Simple
    • Wildcard
    • Regular Expression

    Wildcard characters and Perl Compatible Regular Expressions (PCRE) can be used.
    Previous
    Next

    Web Filter

    Web Filter

    For Windows, macOS, and Linux profiles, you must enable FortiProxy (Disable Only When Troubleshooting) on the System Settings tab to use the Web Filter options.

    Configuration

    Description

    Web Filter

    Enable or disable web filtering.

    General

    Client Web Filtering When On-Net

    Enable client web filtering when on-net. Only available for Windows and macOS profiles. This setting affects the Block Access to Malicious Websites setting in AntiVirus Protection.

    Log All URLs

    Enable to log all URLs.

    Log User Initiated Traffic

    Enable to log user initiated traffic.

    Show Bubble Notification When HTTPS Site Is Blocked

    Enable to show a bubble notification when an HTTPS site is blocked.

    Enable Safe Search

    Enable safe search.

    When Safe Search is enabled, the endpoint's Google search is set to Restricted mode, and YouTube access is set to Strict Restricted access. To set YouTube access to Moderate Restricted or Unrestricted YouTube access, you can disable Safe Search and configure Google Search and YouTube access with the Google Admin Console instead of FortiClient EMS.

    Site Categories

    Select to enable site categories from FortiGuard. When site categories are disabled, FortiClient is protected by the exclusion list.

    See the FortiGuard website for descriptions of the available categories and subcategories.

    For all categories below, you can configure an action for the entire site category by selecting one of the following:

    • Block
    • Warn
    • Allow
    • Monitor

    You can also click the + button beside the site category to view all subcategories and configure individual actions (Block, Warn, Allow, Monitor) for each subcategory. Each site category's subcategories are listed below.

    Adult/Mature Content
    • Abortion
    • Advocacy Organizations
    • Alcohol
    • Alternative Beliefs
    • Dating
    • Gambling
    • Lingerie and Swimsuit
    • Marijuana
    • Nudity and Risque
    • Other Adult Materials
    • Pornography
    • Sex Education
    • Sports Hunting and War Games
    • Tobacco
    • Weapons (Sales)

    Bandwidth Consuming
    • File Sharing and Storage
    • Freeware and Software Downloads
    • Internet Radio and TV
    • Internet Telephony
    • Peer-to-peer File Sharing
    • Streaming Media and Download

    General Interest-Business
    • Armed Forces
    • Business
    • Charitable Organizations
    • Finance and Banking
    • General Organizations
    • Government and Legal Organizations
    • Information Technology
    • Information and Computer Security
    • Online Meeting
    • Remote Access
    • Search Engines and Portals
    • Secure Websites
    • Web Analytics
    • Web Hosting
    • Web-based Applications

    General Interest-Personal

    • Advertising
    • Arts and Culture
    • Auction
    • Brokerage and Trading
    • Child Education
    • Content Servers
    • Digital Postcards
    • Domain Parking
    • Dynamic Content
    • Education
    • Entertainment
    • Folklore
    • Games
    • Global Religion
    • Health and Wellness
    • Instant Messaging
    • Job Search
    • Meaningless Content
    • Medicine
    • News and Media
    • Newsgroups and Message Boards
    • Personal Privacy
    • Personal Vehicles
    • Personal Websites and Blogs
    • Political Organizations
    • Real Estate
    • Reference
    • Restaurant and Dining
    • Shopping
    • Social Networking
    • Society and Lifestyles
    • Sports
    • Travel
    • Web Chat
    • Web-based Email

    Potentially Liable

    • Child Abuse
    • Discrimination
    • Drug Abuse
    • Explicit Violence
    • Extremist Groups
    • Hacking
    • Illegal or Unethical
    • Plagiarism
    • Proxy Avoidance

    Security Risk
    • Dynamic DNS
    • Malicious Websites
    • Newly Observed Domain
    • Newly Registered Domain
    • Phishing
    • Spam URLs

    Unrated

    Rate IP Addresses

    Enable to have FortiClient request the rating of the site by URL and IP address separately, providing additional security against attempts to bypass the FortiGuard Web Filter.

    If the rating determined by the domain name and the rating determined by the IP address differ, the Action that is enforced will be determined by a weighting assigned to the different categories. The higher weighted category will take precedence in determining the action. This will have the side effect that sometimes the Action will be determined by the classification based on the domain name and other times it will be determined by the classification that is based on the IP address.

    FortiGuard Web Filter ratings for IP addresses are not updated as quickly as ratings for URLs. This can sometimes cause FortiClient to allow access to sites that should be blocked, or to block sites that should be allowed.

    An example of how this would work would be if a URL's rating based on the domain name indicated that it belonged in the category Lingerie and Swimsuit, which is allowed but the category assigned to the IP address was Pornography which has an action of Block, because the Pornography category has a higher weight the effective action is Block.

    Allow websites when rating error occurs

    Configure the action to take with all websites when FortiGuard is temporarily unavailable. This may occur when an endpoint is forced to access a network via a captive portal. FortiClient takes the configured action until contact is reestablished with FortiGuard. Available options are:

    • Block: Deny access to any websites. This may prevent endpoints from accessing captive portals.
    • Warn: Display in-browser warning to user, with an option to proceed to the website
    • Allow: Allow full, unfiltered access to all websites
    • Monitor: Log the site access

    Exclusion List

    Action

    Select one of the following actions:

    • Allow
    • Block
    • Monitor

    URL

    Enter specific URLs to allow, block, or monitor.

    Type

    Select one of the following types:

    • Simple
    • Wildcard
    • Regular Expression

    Wildcard characters and Perl Compatible Regular Expressions (PCRE) can be used.
    Previous
    Next