Fortinet black logo

Administration Guide

Websense Integrated Services Protocol

Websense Integrated Services Protocol (WISP) servers can be used server, which allows the FortiGate to send traffic to the third-party web filtering service for rating and approval checking.

When WISP is enabled, the FortiGate maintains a pool of TCP connections to the WISP server. The TCP connections are used to forward HTTP request information and log information to the WISP server and receive policy decisions.

When a WISP server is used in a web filter profile, in flow or proxy mode, the following web filter scanning priority sequence is used:

  1. Local URL filter
  2. Websense web filtering service
  3. FortiGuard web filtering service

The following example uses a WISP server configured in a flow mode web filter profile.

To use a WISP server in flow mode:
  1. Configure the WISP servers:
    config web-proxy wisp
        edit "wisp1"
            set server-ip 10.2.3.4
        next
        edit "wisp2"
            set server-ip 10.2.3.5
        next
        edit "wisp3"
            set server-ip 192.168.1.2
        next
        edit "wisp4"
            set server-ip 192.168.3.4
        next
    end
  2. Configure the web filter profile:
    config webfilter profile
        edit "webfilter_flowbase"
            set feature-set flow
            config ftgd-wf
                unset options
                config filters
                    edit 64
                        set category 64
                        set action block
                    next
                end
            end
            set wisp enable
            set wisp-servers "wisp1" "wisp2"
            set wisp-algorithm {primary-secondary | round-robin | auto-learning}
            set log-all-url enable
        next
    end

Websense Integrated Services Protocol (WISP) servers can be used server, which allows the FortiGate to send traffic to the third-party web filtering service for rating and approval checking.

When WISP is enabled, the FortiGate maintains a pool of TCP connections to the WISP server. The TCP connections are used to forward HTTP request information and log information to the WISP server and receive policy decisions.

When a WISP server is used in a web filter profile, in flow or proxy mode, the following web filter scanning priority sequence is used:

  1. Local URL filter
  2. Websense web filtering service
  3. FortiGuard web filtering service

The following example uses a WISP server configured in a flow mode web filter profile.

To use a WISP server in flow mode:
  1. Configure the WISP servers:
    config web-proxy wisp
        edit "wisp1"
            set server-ip 10.2.3.4
        next
        edit "wisp2"
            set server-ip 10.2.3.5
        next
        edit "wisp3"
            set server-ip 192.168.1.2
        next
        edit "wisp4"
            set server-ip 192.168.3.4
        next
    end
  2. Configure the web filter profile:
    config webfilter profile
        edit "webfilter_flowbase"
            set feature-set flow
            config ftgd-wf
                unset options
                config filters
                    edit 64
                        set category 64
                        set action block
                    next
                end
            end
            set wisp enable
            set wisp-servers "wisp1" "wisp2"
            set wisp-algorithm {primary-secondary | round-robin | auto-learning}
            set log-all-url enable
        next
    end