Web Category
The FortiSandbox queries the FortiGuard Web Filtering Service to determine the Web Category of the URL. There are more than 90 web categories described at: https://www.fortiguard.com/webfilter/categories
The FortiSandbox sets a default risk rating for every web category. The default rating of the categories listed below can be overridden. Categories that are not listed are set to a Clean rating and cannot be overridden.
Default Rating | Web Categories |
---|---|
Low Risk | Abortion, Advocacy Organizations, Alcohol and Tobacco, Alcohol, Child Abuse *, Crypto Mining *, Dating, Discrimination *, Drug Abuse, Dynamic DNS *, Explicit Violence, Extremist Groups, Gambling, Grayware, Hacking, Homosexuality, Illegal or Unethical *, Malicious Websites, Marijuana, Newly Registered Domain *, Nudity and Risque, Occult *, Other Adult Materials, Phishing, Plagiarism *, Pornography *, Potentially Unwanted Program *, Spam URLs, Terrorism *, Tobacco, Weapons (Sales) |
Clean | URL Shortening |

\* Updated in 4.4.0 from Clean to Low Risk.
Using URL Pre-Filter settings
The URL Pre-filter feature uses the web filtering categories to skip the Dynamic scan to increase throughput. This feature is disabled by default and all URLs get forwarded to Dynamic scan.
When URL Pre-Filter is enabled, it will work together with the Scan Profile and Web Category settings.
If the FortiSandbox has Real-Time Anti-Phishing service, URLs that are forwarded to Dynamic scan are also sent to the service to check for Phishing, Malicious or Spam websites. For more information, see Real Time Anti-Phishing.
Scenarios:
URL Sandboxing Pre-Filter is Disabled.
All URLs will be forwarded to Dynamic scan to check for any suspicious behavior. Expect the scan throughput to be slower.
URL Sandboxing Pre-Filter is Enabled.
- If the category of the URL is Unrated, Newly Observed Domain or Newly Registered Domain, the URL will be forwarded to Dynamic scan to check for any suspicious behavior.
- Otherwise, the URL will not be forwarded to Dynamic Scan. The URL will be rated by Static Scan Engine using the default or overridden rating (see the example below).
Example
You can change the Gambling category from Low risk to Medium risk. Then, try to submit the URL http://www.lottolore.com/lotto649.html. The Job Report should show: Medium risk rating, Gambling category and Rated by Static Scan Engine.
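The routing rules and the Gambling override above, modelled in Python as an added example; this is not Fortinet code, and it shows which submissions receive only a category-based static rating once the pre-filter is on. The function names, the `example.test` URLs and the "Search Engines" category (standing in for any unlisted category) are assumptions made for the illustration.

```python
# Added illustration: a model of the documented routing rules, not FortiSandbox code.
# Categories that still reach Dynamic scan when URL Pre-Filter is enabled.
DYNAMIC_CATEGORIES = {"Unrated", "Newly Observed Domain", "Newly Registered Domain"}

# Configurable categories and default ratings, taken from the table on this page.
LOW_RISK = (
    "Abortion|Advocacy Organizations|Alcohol and Tobacco|Alcohol|Child Abuse|"
    "Crypto Mining|Dating|Discrimination|Drug Abuse|Dynamic DNS|Explicit Violence|"
    "Extremist Groups|Gambling|Grayware|Hacking|Homosexuality|Illegal or Unethical|"
    "Malicious Websites|Marijuana|Newly Registered Domain|Nudity and Risque|Occult|"
    "Other Adult Materials|Phishing|Plagiarism|Pornography|"
    "Potentially Unwanted Program|Spam URLs|Terrorism|Tobacco|Weapons (Sales)"
).split("|")
DEFAULTS = {**{c: "Low Risk" for c in LOW_RISK}, "URL Shortening": "Clean"}


def route_url(category, prefilter_enabled, overrides=None):
    """Return (engine, rating); rating is None when Dynamic scan decides it."""
    overrides = overrides or {}
    locked = sorted(set(overrides) - set(DEFAULTS))
    if locked:  # unlisted categories are fixed at Clean
        raise ValueError(f"rating cannot be overridden for: {locked}")
    if not prefilter_enabled or category in DYNAMIC_CATEGORIES:
        return ("Dynamic scan", None)
    return ("Static Scan Engine", overrides.get(category, DEFAULTS.get(category, "Clean")))


def static_only(jobs, overrides=None):
    """List the (url, category, rating) jobs that skip Dynamic scan with the pre-filter on."""
    out = []
    for url, category in jobs:
        engine, rating = route_url(category, True, overrides)
        if engine == "Static Scan Engine":
            out.append((url, category, rating))
    return out


# Constructed sample submissions; the example.test URLs and "Search Engines" are placeholders.
JOBS = [
    ("http://www.lottolore.com/lotto649.html", "Gambling"),
    ("http://new.example.test/", "Newly Registered Domain"),
    ("http://search.example.test/", "Search Engines"),
    ("http://unknown.example.test/", "Unrated"),
]

if __name__ == "__main__":
    for row in static_only(JOBS, {"Gambling": "Medium Risk"}):
        print(row)
```

Running `static_only` over a sample of real submission categories gives a quick view of how much traffic the pre-filter removes from behavioral analysis before it is enabled.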