Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    EMS Administration Guide

    Home FortiClient 7.4.5 EMS Administration Guide
    7.4.5
    7.4.5
    7.4.4
    7.4.3
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.9
    6.4.8
    6.4.7
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.8
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0

    Using Referrer Host on Windows, macOS, Linux, and Chromebooks

    Using Referrer Host on Windows, macOS, Linux, and Chromebooks

    You can define exclusions based on the referrer host (source) URL on FortiClient Windows, macOS, Linux, and Chromebooks using the Referrer Host option in EMS (see Web Filter) or the <referrer> XML option.

    <urls>
	<url>
		<action>allow</action>
		<type>simple</type>
		<address>youtube.com</address>
		<referrer>google.com</referrer>
	 </url>
</urls>

    As opposed to allowing a site regardless of how the user reaches it (using the destination URL pattern), admins can block direct access attempts while ensuring that legitimate searches via allowed referrers are permitted. For example, admins can allow YouTube videos when accessed through Google search results while blocking direct access to YouTube. This provides more precise control, reduces the risk of unwanted content access, and helps maintain a better security posture while keeping user access flexible.

    Example


    An organization wants to allow access to YouTube videos only when users open them through Google search results but not when they visit YouTube directly.

    1. Navigate to Endpoint Profiles > Web Filter.

    2. Create a new profile or edit an existing one.

    3. Block category Bandwidth Consuming and make sure Web Browser Plugin for Web Filtering is enabled.

    4. Scroll down to Exclusion List and add a Web Filter exclusion on EMS with Referrer Host defined:

      • URL: *.youtube.com/*

      • Referrer Host: *.google.com/*

      • Type: Wildcard

      • Action: Allow

      Alternatively, you can click Import to import an existing exclusion list from FortiManager or FortiGate with the referrer already defined.

      Referrer-based exclusions imported from FortiGate or FortiManager work exactly as configured on FortiGate or FortiManager. The entries cannot be modified from EMS GUI or XML for integrity.

    5. Save the profile and deploy it to relevant endpoints.

    6. On an endpoint, open FortiClient and verify that the configured exclusion list is visible under the Web & Video Filter tab after syncing from the EMS.

    7. Open any browser on the endpoint and verify that web filter extension is imported.

    8. Try accessing youtube.com directly and it should be blocked.

    9. Try searching for something on Google (e.g., “how to fix Wi-Fi”) and play the video directly from the Google search results. It should play successfully.

    10. Go to the Violations section in the FortiClient GUI and verify that the attempt to access a blocked site directly (or via an untrusted referrer) is logged.

    11. Go to EMS and verify that violations are also logged for that specific endpoint:

    Previous
    Next

    Using Referrer Host on Windows, macOS, Linux, and Chromebooks

    Using Referrer Host on Windows, macOS, Linux, and Chromebooks

    You can define exclusions based on the referrer host (source) URL on FortiClient Windows, macOS, Linux, and Chromebooks using the Referrer Host option in EMS (see Web Filter) or the <referrer> XML option.

    <urls>
	<url>
		<action>allow</action>
		<type>simple</type>
		<address>youtube.com</address>
		<referrer>google.com</referrer>
	 </url>
</urls>

    As opposed to allowing a site regardless of how the user reaches it (using the destination URL pattern), admins can block direct access attempts while ensuring that legitimate searches via allowed referrers are permitted. For example, admins can allow YouTube videos when accessed through Google search results while blocking direct access to YouTube. This provides more precise control, reduces the risk of unwanted content access, and helps maintain a better security posture while keeping user access flexible.

    Example


    An organization wants to allow access to YouTube videos only when users open them through Google search results but not when they visit YouTube directly.

    1. Navigate to Endpoint Profiles > Web Filter.

    2. Create a new profile or edit an existing one.

    3. Block category Bandwidth Consuming and make sure Web Browser Plugin for Web Filtering is enabled.

    4. Scroll down to Exclusion List and add a Web Filter exclusion on EMS with Referrer Host defined:

      • URL: *.youtube.com/*

      • Referrer Host: *.google.com/*

      • Type: Wildcard

      • Action: Allow

      Alternatively, you can click Import to import an existing exclusion list from FortiManager or FortiGate with the referrer already defined.

      Referrer-based exclusions imported from FortiGate or FortiManager work exactly as configured on FortiGate or FortiManager. The entries cannot be modified from EMS GUI or XML for integrity.

    5. Save the profile and deploy it to relevant endpoints.

    6. On an endpoint, open FortiClient and verify that the configured exclusion list is visible under the Web & Video Filter tab after syncing from the EMS.

    7. Open any browser on the endpoint and verify that web filter extension is imported.

    8. Try accessing youtube.com directly and it should be blocked.

    9. Try searching for something on Google (e.g., “how to fix Wi-Fi”) and play the video directly from the Google search results. It should play successfully.

    10. Go to the Violations section in the FortiClient GUI and verify that the attempt to access a blocked site directly (or via an untrusted referrer) is logged.

    11. Go to EMS and verify that violations are also logged for that specific endpoint:

    Previous
    Next