Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • User Guide

    Home FortiPortal 7.4.1 User Guide
    7.4.1
    7.4.1
    7.4.0
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.3.8
    5.3.7
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.0
    5.2.0
    4.1.0

    Using the check and remediate tool

    Using the check and remediate tool

    Use the Check & Remediate tool in the FortiPortal Dashboard to check URL access permissions for a specific user. Through this tool, you can also reclassify the website if the category is incorrect.

    Note

    This tool is only when your system administrator has enabled it for your account.
    Caution

    Reclassifying a website affects the entire firewall, not just the user in question. The website is reclassified wherever it is used, including any other policies.

    This tool is accessed through the Authenticated Users widget in the Dashboard.

    When the firewall is properly configured to authenticate user traffic, this widget displays the authenticated users.

    URLs are categorized into predefined categories in a Web Filter Profile. For example, www.google.com is categorized as Search Engines and Portals.

    The firewall policy allows or blocks access based on the action defined for the category in the web filter profile.

    Policies must be configured as follows:

    • Select the appropriate Source User and Source User Group.

    • In Security Profiles Options, apply a Web Filter Profile.

    • In Security Profiles Options, set SSL/SSH Inspection to a deep-inspection profile.

    • Set the policy Inspection Mode to Proxy-based.

    • In the web filter, set Feature Set to Proxy-based.

    To check and remediate user website access:

    1. Go to Insights > Dashboard and, in the Authenticated Users widget, click on the View icon next to the appropriate user.

    2. Enter the URL to check, select the Outgoing Interface and Protocol, then click Check Access.

      Access to the specified URL is checked on the firewall and displayed in Result.

      In this example, the user is restricted access to www.chess.com because this website is classified as Games and the web filter profile in the policy blocks access to this category.

    3. Click Reclassify.

    4. Select Web Category or Remote Category, then select the appropriate new Category and Sub Category for this website.

      In this example, www.chess.com is set to Sub Category Education, an allowed category.

    5. In the popup, click Install to install your changes to the firewall. You must install the changes before they take effect.

      The website is reclassified in the firewall.

    Previous
    Next

    Using the check and remediate tool

    Using the check and remediate tool

    Use the Check & Remediate tool in the FortiPortal Dashboard to check URL access permissions for a specific user. Through this tool, you can also reclassify the website if the category is incorrect.

    Note

    This tool is only when your system administrator has enabled it for your account.
    Caution

    Reclassifying a website affects the entire firewall, not just the user in question. The website is reclassified wherever it is used, including any other policies.

    This tool is accessed through the Authenticated Users widget in the Dashboard.

    When the firewall is properly configured to authenticate user traffic, this widget displays the authenticated users.

    URLs are categorized into predefined categories in a Web Filter Profile. For example, www.google.com is categorized as Search Engines and Portals.

    The firewall policy allows or blocks access based on the action defined for the category in the web filter profile.

    Policies must be configured as follows:

    • Select the appropriate Source User and Source User Group.

    • In Security Profiles Options, apply a Web Filter Profile.

    • In Security Profiles Options, set SSL/SSH Inspection to a deep-inspection profile.

    • Set the policy Inspection Mode to Proxy-based.

    • In the web filter, set Feature Set to Proxy-based.

    To check and remediate user website access:

    1. Go to Insights > Dashboard and, in the Authenticated Users widget, click on the View icon next to the appropriate user.

    2. Enter the URL to check, select the Outgoing Interface and Protocol, then click Check Access.

      Access to the specified URL is checked on the firewall and displayed in Result.

      In this example, the user is restricted access to www.chess.com because this website is classified as Games and the web filter profile in the policy blocks access to this category.

    3. Click Reclassify.

    4. Select Web Category or Remote Category, then select the appropriate new Category and Sub Category for this website.

      In this example, www.chess.com is set to Sub Category Education, an allowed category.

    5. In the popup, click Install to install your changes to the firewall. You must install the changes before they take effect.

      The website is reclassified in the firewall.

    Previous
    Next