Fortinet white logo
Fortinet white logo

Administration Guide

Configuring the FortiGuard URL filter

Configuring the FortiGuard URL filter

FortiGuard URL filter service allows you choose which categories of URL in the email body you want to check, rewrite, or block. Then you can use the filters in the antispam profiles (see Configuring the FortiGuard URL filter) and the FortiGuard URL Click Protection settings (see Configuring licensed features).

To configure a URL category profile

  1. Go to Security > URL Filter > Profile.
  2. Click New.
  3. Enter a profile name.
  4. Select the URL categories you want to check in the email body.
  5. Click Create.
Note

With the release of FortiMail 7.0.2, the following new categories are introduced (to match those already supported by FortiOS):

  • Terrorism

  • URL Shortening

  • Crypto Mining

  • Potentially Unwanted Program

Configuring local categories

Configure custom FortiGuard URL local categories for URL override rating profiles.

Note that, for typical exemption purposes, you may wish to use the preexisting local-exempt category.

To configure the URL local category
  1. Go to Security > URL Filter > Local Category.
  2. Click New.
  3. Enter a Name and an optional Comment for the new custom local category.
  4. Click Create.

Configuring override ratings

Configure URL patterns (as either wildard or regular expressions) and override to defined URL categories. URL override rating lists can be used as web filter categories.

To configure the URL override rating
  1. Go to Security > URL Filter > Override Rating.

  2. Click New.

  3. Enable Status, and enter a URL pattern.The pattern can use wildcards (default) or regular expressions. Optionally, before entering a regular expression, click Validate to test regular expressions and string text. For more information about URL types and how they are processed, see URL types.

  4. Under Override To, select a Group and a group-approriate Category.

  5. Note

    To exempt URLs from FortiGuard URL and web filter (see Configuring FortiGuard options), FortiGuard URL protection (see Configuring licensed features), FortiSandbox scanning (see Using FortiSandbox antivirus inspection), select the Local Category group and local-exempt category.

  6. Click Create.

URL types

There are two types of URLs:

  • Absolute URLs strictly follow the URL syntax and include the URL scheme names, such as “http”, “https”, and “ftp”. For instance, http://www.example.com.
  • Reference URLs do not contain the scheme names. For instance, example.com.

By default, FortiMail scans for absolute URLs.

You can use the following CLI command to change the default setting:

config antispam settings

set url-checking {strict | aggressive | extreme}

end

  • strict: Choose this option to scan for absolute URLs only. Note that web sites without “http” or “https” but starting with “www” are also treated as absolute URLs. For instance, www.example.com.
  • aggressive: Choose this option to scan for both the absolute and reference URLs. Sender domains are also checked against FortiGuard.
  • extreme: Choose this option to scan for all URLs with or without schemes, including absolute URLs, reference URLs, URLs in text format, and sender domains.

For more information about this command, see FortiMail CLI Reference.

Configuring the FortiGuard URL filter

Configuring the FortiGuard URL filter

FortiGuard URL filter service allows you choose which categories of URL in the email body you want to check, rewrite, or block. Then you can use the filters in the antispam profiles (see Configuring the FortiGuard URL filter) and the FortiGuard URL Click Protection settings (see Configuring licensed features).

To configure a URL category profile

  1. Go to Security > URL Filter > Profile.
  2. Click New.
  3. Enter a profile name.
  4. Select the URL categories you want to check in the email body.
  5. Click Create.
Note

With the release of FortiMail 7.0.2, the following new categories are introduced (to match those already supported by FortiOS):

  • Terrorism

  • URL Shortening

  • Crypto Mining

  • Potentially Unwanted Program

Configuring local categories

Configure custom FortiGuard URL local categories for URL override rating profiles.

Note that, for typical exemption purposes, you may wish to use the preexisting local-exempt category.

To configure the URL local category
  1. Go to Security > URL Filter > Local Category.
  2. Click New.
  3. Enter a Name and an optional Comment for the new custom local category.
  4. Click Create.

Configuring override ratings

Configure URL patterns (as either wildard or regular expressions) and override to defined URL categories. URL override rating lists can be used as web filter categories.

To configure the URL override rating
  1. Go to Security > URL Filter > Override Rating.

  2. Click New.

  3. Enable Status, and enter a URL pattern.The pattern can use wildcards (default) or regular expressions. Optionally, before entering a regular expression, click Validate to test regular expressions and string text. For more information about URL types and how they are processed, see URL types.

  4. Under Override To, select a Group and a group-approriate Category.

  5. Note

    To exempt URLs from FortiGuard URL and web filter (see Configuring FortiGuard options), FortiGuard URL protection (see Configuring licensed features), FortiSandbox scanning (see Using FortiSandbox antivirus inspection), select the Local Category group and local-exempt category.

  6. Click Create.

URL types

There are two types of URLs:

  • Absolute URLs strictly follow the URL syntax and include the URL scheme names, such as “http”, “https”, and “ftp”. For instance, http://www.example.com.
  • Reference URLs do not contain the scheme names. For instance, example.com.

By default, FortiMail scans for absolute URLs.

You can use the following CLI command to change the default setting:

config antispam settings

set url-checking {strict | aggressive | extreme}

end

  • strict: Choose this option to scan for absolute URLs only. Note that web sites without “http” or “https” but starting with “www” are also treated as absolute URLs. For instance, www.example.com.
  • aggressive: Choose this option to scan for both the absolute and reference URLs. Sender domains are also checked against FortiGuard.
  • extreme: Choose this option to scan for all URLs with or without schemes, including absolute URLs, reference URLs, URLs in text format, and sender domains.

For more information about this command, see FortiMail CLI Reference.