Fortinet black logo

Administration Guide

Configuring policies and profiles

Copy Link
Copy Doc ID fa33c844-22c2-11ea-9384-00505692583a:85404
Download PDF

Configuring policies and profiles

Creating Isolator browsing profile

Configure the Isolator profile to dictate how the end user browses the web through FortiIsolator. There are various settings for you to configure, including the bandwidth use and end user privileges.

Steps
  1. From the administration portal, go to Policies and Profiles > Profiles and click Create New.
  2. From the Profile Type drop-down menu, select Isolator Profile and click OK.
  3. Fill in the new Isolator profile information with desired settings.
    1. Type in the maximum file size in megabytes for uploading and downloading files.
    2. By selecting the Limit of view only box, you limit the user to view-only access of web pages. The user is restricted from interacting with the pages, such as right-clicking or typing in text.
    3. By selecting the Right for scanning files by vscanner box, you allow files to be scanned by Vscanner
    4. You can increase or decrease bandwidth usage by selecting the desired Image Quality and Video Frame Rate from the corresponding drop-down menus.
    5. By selecting the Right for doc rewrite when scanning file box, you allow rewriting of documents during file scanning such that embedded links in the file are rendered inactive.

Creating web filter profile

FortiIsolator supports web filtering, which enables the administrator to control which webpages that end users are allowed to view. You can block specific URLs or websites, which prevents the end user's browser from loading webpaes from these websites.

Prerequisites
Steps
  1. From the administration portal, go to Policies and Profiles > Profiles and click Create New.
  2. From the Profile Type drop-down menu, select Web Filter Profile and click OK. You will be brought to the Edit Web Filter Profile page.
  3. Enter a Web Filter Profile Name.
  4. To change web filters for specific categories or subcategories, check the boxes next to the categories or subcategories that you wish to modify. To access the subcategories list, expand the category by clicking the small triangle next to the category.
    Right click on any checked box to select the desired action:
    1. View-only: End user is restricted to view-only access and is unable to interact with the web page, including clicking links and downloading files.
    2. Block: End user is restricted from accessing the web page and will be shown a page informing them that the URL has been blocked by the administrator.
    3. Allow: End user has full access of the website. By default, all web categories are allowed.
  5. To white list or black list specific websites, click the corresponding Create New button in the White List or Black List section. Enter the URL details and click OK. The white list and black list filters accept simple URLs, regular expressions, wildcards, and exemptions as URL filter criteria.
  6. To finish creating the Web Filter Profile, click Submit.
  7. To verify that the web filter is working, try browsing to one of the blocked web pages. You should see the following text displayed in your browser:

Creating a policy

A policy provides a convenient way to apply a certain Isolator profile and/or Web Filter profile to local individual users or user groups. Policies are not active until they are applied. See the next section Applying Isolator profile and Web Filter profile settings

Steps
  1. To create a new policy, go to Policies and Profiles > Policies and click Create New Policy.
  2. Type in a name for the policy and select the desired Isolator and/or Web Filter profiles to be used in the policy.
  3. Click OK to finish.

Applying Isolator profile and Web Filter profile settings

There are several ways you can apply Isolator profile and Web Filter profile settings to end users. Isolator profiles and Web Filter profiles can be applied to the guest account, individual local user accounts, and/or local user groups.

Applying default policy and profile settings
Steps
  1. From the administration portal, go to Policies and Profiles > Default Policy.
  2. From the Default Isolator Profile Name drop-down menu, select the Isolator profile you wish to apply.
  3. From the Default WebFilter Profile Name drop-down menu, select the Web Filter profile you wish to apply.
  4. Click OK to finish.
Applying profile settings to local user account
Steps
  1. From the administration portal, go to Policies and Profiles > Policies and make sure the policy you want to apply exists. If not, create a new policy with the desired profiles.
  2. Go to Users > User Definition. Select the user you wish to apply the profile settings to and click Edit.
  3. From the Policy Name drop-down menu, select the policy you wish to apply to the local user
  4. Click OK to finish.
Applying profile settings to user groups
Steps
  1. From the administration portal, go to Policies and Profiles > Policies and make sure the policy you want to apply exists. If not, create a new policy with the desired profiles.
  2. Go to Users > User Groups. Select the user group you wish to apply the profile settings and click Edit.
  3. From the Policy Name drop-down menu, select the policy you wish to apply to the uesr group.
  4. Click OK to finish.

Configuring policies and profiles

Creating Isolator browsing profile

Configure the Isolator profile to dictate how the end user browses the web through FortiIsolator. There are various settings for you to configure, including the bandwidth use and end user privileges.

Steps
  1. From the administration portal, go to Policies and Profiles > Profiles and click Create New.
  2. From the Profile Type drop-down menu, select Isolator Profile and click OK.
  3. Fill in the new Isolator profile information with desired settings.
    1. Type in the maximum file size in megabytes for uploading and downloading files.
    2. By selecting the Limit of view only box, you limit the user to view-only access of web pages. The user is restricted from interacting with the pages, such as right-clicking or typing in text.
    3. By selecting the Right for scanning files by vscanner box, you allow files to be scanned by Vscanner
    4. You can increase or decrease bandwidth usage by selecting the desired Image Quality and Video Frame Rate from the corresponding drop-down menus.
    5. By selecting the Right for doc rewrite when scanning file box, you allow rewriting of documents during file scanning such that embedded links in the file are rendered inactive.

Creating web filter profile

FortiIsolator supports web filtering, which enables the administrator to control which webpages that end users are allowed to view. You can block specific URLs or websites, which prevents the end user's browser from loading webpaes from these websites.

Prerequisites
Steps
  1. From the administration portal, go to Policies and Profiles > Profiles and click Create New.
  2. From the Profile Type drop-down menu, select Web Filter Profile and click OK. You will be brought to the Edit Web Filter Profile page.
  3. Enter a Web Filter Profile Name.
  4. To change web filters for specific categories or subcategories, check the boxes next to the categories or subcategories that you wish to modify. To access the subcategories list, expand the category by clicking the small triangle next to the category.
    Right click on any checked box to select the desired action:
    1. View-only: End user is restricted to view-only access and is unable to interact with the web page, including clicking links and downloading files.
    2. Block: End user is restricted from accessing the web page and will be shown a page informing them that the URL has been blocked by the administrator.
    3. Allow: End user has full access of the website. By default, all web categories are allowed.
  5. To white list or black list specific websites, click the corresponding Create New button in the White List or Black List section. Enter the URL details and click OK. The white list and black list filters accept simple URLs, regular expressions, wildcards, and exemptions as URL filter criteria.
  6. To finish creating the Web Filter Profile, click Submit.
  7. To verify that the web filter is working, try browsing to one of the blocked web pages. You should see the following text displayed in your browser:

Creating a policy

A policy provides a convenient way to apply a certain Isolator profile and/or Web Filter profile to local individual users or user groups. Policies are not active until they are applied. See the next section Applying Isolator profile and Web Filter profile settings

Steps
  1. To create a new policy, go to Policies and Profiles > Policies and click Create New Policy.
  2. Type in a name for the policy and select the desired Isolator and/or Web Filter profiles to be used in the policy.
  3. Click OK to finish.

Applying Isolator profile and Web Filter profile settings

There are several ways you can apply Isolator profile and Web Filter profile settings to end users. Isolator profiles and Web Filter profiles can be applied to the guest account, individual local user accounts, and/or local user groups.

Applying default policy and profile settings
Steps
  1. From the administration portal, go to Policies and Profiles > Default Policy.
  2. From the Default Isolator Profile Name drop-down menu, select the Isolator profile you wish to apply.
  3. From the Default WebFilter Profile Name drop-down menu, select the Web Filter profile you wish to apply.
  4. Click OK to finish.
Applying profile settings to local user account
Steps
  1. From the administration portal, go to Policies and Profiles > Policies and make sure the policy you want to apply exists. If not, create a new policy with the desired profiles.
  2. Go to Users > User Definition. Select the user you wish to apply the profile settings to and click Edit.
  3. From the Policy Name drop-down menu, select the policy you wish to apply to the local user
  4. Click OK to finish.
Applying profile settings to user groups
Steps
  1. From the administration portal, go to Policies and Profiles > Policies and make sure the policy you want to apply exists. If not, create a new policy with the desired profiles.
  2. Go to Users > User Groups. Select the user group you wish to apply the profile settings and click Edit.
  3. From the Policy Name drop-down menu, select the policy you wish to apply to the uesr group.
  4. Click OK to finish.