- Go to Policy & Objects > IPv4 Policy and click Create New.
- Give the policy an identifying name, in this example, blocking-facebook.
Set Incoming Interface to the internal network.
Set Outgoing Interface to the Internet-facing interface.
- In the Security Profiles section, enable Web Filter and Application Control, and use the default web filter and application control profiles.
When you select these profiles, SSL/SSH Inspection is enabled by default. If you are using proxy-based inspection mode, then Proxy Options is also be enabled by default.
To inspect all traffic, set SSL/SSH Inspection to deep-inspection.
- The new policy must be first in the list in order to be applied to Internet traffic. Confirm this by viewing policies By Sequence.
To move a policy up or down, click and drag the left column of the policy.
If your FortiAP is configured in tunnel mode, you must edit the wireless policy and apply the web filter and application control security profiles to that policy.