This recipe explains how to block access to social media websites using FortiGuard categories. An active license for FortiGuard Web Filtering service is required.
Web filtering with FortiGuard categories allows you to take action against a group of websites, whereas a Static URL Filter is intended to block or monitor specific URLs. Consult this blog post to determine whether to use FortiGuard categories or a Static URL Filter to control your internal network’s access to websites.
If you wish to use a static URL filter to block access to a website and its subdomains, follow the example described in Blocking Facebook with Web Filtering.
Go to System > Feature Select and confirm that the Web Filter feature is enabled.
Go to Security Profiles > Web Filter and edit the default Web Filter profile. Confirm that the FortiGuard category based filter is enabled. FortiGuard’s web filtering categories are organized into six main groups; descriptions can be found at FortiGuard Center.
Right-click on the General Interest – Personal FortiGuard category. Scroll down to the Social Networking subcategory and right-click again. Select Block.
Go to Policy & Objects > IPv4 Policy, and click Create New. Give the policy a name that identifies its use.
Set Incoming Interface to the internal network and set Outgoing Interface to the Internet-facing interface.
Under Security Profiles, enable Web Filter and select the default web filter profile.
Enable HTTPS traffic. Using the deep-inspection profile may cause certificate errors. See Preventing certificate warnings for more information.
In order to be applied to Internet traffic, the new policy has to be higher in the policy sequence than any other policy that could manage the same traffic. Confirm this under Policy & Objects > IPv4 Policy by viewing policies By Sequence.
To move a policy up or down, click and drag the far-left column of the policy.
A FortiGuard Web Page Blocked! message appears when attempting to visit sites in the blocked category.
Go to FortiView > Websites and select the 5 minutes view. The blocked social networking sites are listed in the Domain column.