Web filtering restricts or controls user access to web resources and can be applied to firewall policies using either policy-based or profile-based NGFW mode.
In FortiOS, there are three main components of web filtering:
- Web content filter: blocks web pages containing words or patterns that you specify.
- URL filter: uses URLs and URL patterns to block or exempt web pages from specific sources, or block malicious URLs discovered by FortiSandbox.
- FortiGuard Web Filtering service: provides many additional categories you can use to filter web traffic.
These components interact with each other to provide maximum control over what users on your network can view and protect your network from many internet content threats.
Web filters are applied in the following order:
- URL filter
- FortiGuard Web Filtering
- Web content filter
- Web script filter
- Antivirus scanning
FortiOS includes three preloaded web filter profiles:
- monitor-all (monitors and logs all URLs visited, flow-based)
- wifi-default (default configuration for offloading WiFi traffic)
You can customize these profiles, or you can create your own to manage network user access.
Some features of this functionality require a subscription to FortiGuard Web Filtering.
The following topics provide information about web filters: