Fortinet Document Library

Version:


Table of Contents

More Links

Profile-based NGFW vs policy-based NGFW

New Features

6.4.0
Download PDF
Copy Link

Configure web filter profiles in NGFW policy mode 6.4.2

Web filters can be configured in NGFW policy mode, and used in security policies.

To create in web filter profile when the FortiGate is in policy mode in the GUI:
  1. Go to Security Profiles > Web Filter and click Create New.

    Only Static URL Filter options can be configured.

  2. Enter a name for the profile and configure the remaining settings as required:

  3. Click OK.
To use the web filter profile in a security policy in the GUI:
  1. Go to Policy & Objects > Security Policy and click Create New.
  2. Enter a name for the policy, and configure the remaining settings as required.
  3. Under Security Profiles, enable Web Filter and select the web filter.

  4. Click OK.
To create in web filter profile when the FortiGate is in policy mode in the CLI:
  1. Configure a URL filter:
    config webfilter urlfilter
        edit 1
            set name "Auto-webfilter-urlfilter_bwv7i1r83"
            config entries
                edit 1
                    set url "*.bot*.com"
                    set type wildcard
                    set action block
                next
            end
        next
    end
  2. Configure content filters:
    config webfilter content
        edit 1
            set name "Auto-webfilter-content_mqqyssuxd"
            config entries
                edit "gambling"
                    set status enable
                next
                edit "news"
                    set status enable
                next
                edit "test"
                    set status enable
                next
                edit "example"
                    set status enable
                next
            end
        next
    end
  3. Configure the web filter profile:
    config webfilter profile
        edit "webfilter-demo"
            set options block-invalid-url
            config web
                set bword-table 1
                set urlfilter-table 1
                set blacklist enable
            end
        next
    end
To use the web filter profile in a security policy in the CLI:
config firewall security-policy
    edit 1
        set name "policy-demo-1"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set webfilter-profile "webfilter-demo"
        set app-category 15 25
    next
end

More Links

Configure web filter profiles in NGFW policy mode 6.4.2

Web filters can be configured in NGFW policy mode, and used in security policies.

To create in web filter profile when the FortiGate is in policy mode in the GUI:
  1. Go to Security Profiles > Web Filter and click Create New.

    Only Static URL Filter options can be configured.

  2. Enter a name for the profile and configure the remaining settings as required:

  3. Click OK.
To use the web filter profile in a security policy in the GUI:
  1. Go to Policy & Objects > Security Policy and click Create New.
  2. Enter a name for the policy, and configure the remaining settings as required.
  3. Under Security Profiles, enable Web Filter and select the web filter.

  4. Click OK.
To create in web filter profile when the FortiGate is in policy mode in the CLI:
  1. Configure a URL filter:
    config webfilter urlfilter
        edit 1
            set name "Auto-webfilter-urlfilter_bwv7i1r83"
            config entries
                edit 1
                    set url "*.bot*.com"
                    set type wildcard
                    set action block
                next
            end
        next
    end
  2. Configure content filters:
    config webfilter content
        edit 1
            set name "Auto-webfilter-content_mqqyssuxd"
            config entries
                edit "gambling"
                    set status enable
                next
                edit "news"
                    set status enable
                next
                edit "test"
                    set status enable
                next
                edit "example"
                    set status enable
                next
            end
        next
    end
  3. Configure the web filter profile:
    config webfilter profile
        edit "webfilter-demo"
            set options block-invalid-url
            config web
                set bword-table 1
                set urlfilter-table 1
                set blacklist enable
            end
        next
    end
To use the web filter profile in a security policy in the CLI:
config firewall security-policy
    edit 1
        set name "policy-demo-1"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set webfilter-profile "webfilter-demo"
        set app-category 15 25
    next
end