Fortinet black logo

Administration Guide

Home FortiSASE Administration Guide

Web Filter

Web Filter

Web filter restricts or controls user access to web resources. In FortiSASE, there are three main components of Web Filter:

Component

Description

URL Category

Provides categories from the FortiGuard Web Filter service that you can use to filter web traffic.

URL Filter

Uses specific URLs with patterns containing text and regular expressions so FortiSASE can process the traffic based on the filter action (exempt, block, allow, monitor) and webpages that match the criteria.

Content Filter

Blocks or exempts webpages containing words or patterns that you specify. Additionally, in HTTPS connections, since the HTTP payload is encrypted, the default certificate inspection cannot inspect the traffic. To apply content filter on HTTPS traffic, you must use SSL deep inspection. See Certificate and deep inspection modes.

These components interact with each other to provide maximum control over what users on your network can view and protect your network from many internet content threats.

FortiSASE applies web filters in the following order:

  1. URL Filter
  2. URL Category
  3. Content Filter

In FortiSASE, there is one global Web Filter configuration that applies to all users.

FortiSASE supports these Web Filter options:

Option Description
Block Invalid URLs

Block websites when their SSL certificate CN field does not contain a valid domain name.

This option also blocks URLs that contains spaces. If there is a space in the URL, it must be written as %20 in the URL path.
Allow websites when a rating error occurs Allow access to websites that return a rating error from the FortiGuard Web Filter service.
Enforce 'Safe Search' on Google, Yahoo!, Bing, Yandex

This setting applies to popular search sites and prevents explicit websites and images from appearing in search results.

The supported search sites are Google, Yahoo, Bing, and Yandex.

To enforce safe search, you must use SSL deep inspection. See Certificate and deep inspection modes.
Previous
Next

Web Filter

Web filter restricts or controls user access to web resources. In FortiSASE, there are three main components of Web Filter:

Component

Description

URL Category

Provides categories from the FortiGuard Web Filter service that you can use to filter web traffic.

URL Filter

Uses specific URLs with patterns containing text and regular expressions so FortiSASE can process the traffic based on the filter action (exempt, block, allow, monitor) and webpages that match the criteria.

Content Filter

Blocks or exempts webpages containing words or patterns that you specify. Additionally, in HTTPS connections, since the HTTP payload is encrypted, the default certificate inspection cannot inspect the traffic. To apply content filter on HTTPS traffic, you must use SSL deep inspection. See Certificate and deep inspection modes.

These components interact with each other to provide maximum control over what users on your network can view and protect your network from many internet content threats.

FortiSASE applies web filters in the following order:

  1. URL Filter
  2. URL Category
  3. Content Filter

In FortiSASE, there is one global Web Filter configuration that applies to all users.

FortiSASE supports these Web Filter options:

Option Description
Block Invalid URLs

Block websites when their SSL certificate CN field does not contain a valid domain name.

This option also blocks URLs that contains spaces. If there is a space in the URL, it must be written as %20 in the URL path.
Allow websites when a rating error occurs Allow access to websites that return a rating error from the FortiGuard Web Filter service.
Enforce 'Safe Search' on Google, Yahoo!, Bing, Yandex

This setting applies to popular search sites and prevents explicit websites and images from appearing in search results.

The supported search sites are Google, Yahoo, Bing, and Yandex.

To enforce safe search, you must use SSL deep inspection. See Certificate and deep inspection modes.
Previous
Next