Fortinet black logo

Administration Guide

Home FortiSASE Administration Guide

Restricting web usage using FortiGuard URL categories and URL filter

Restricting web usage using FortiGuard URL categories and URL filter

To restrict web usage using FortiGuard URL categories and URL filter:
  1. Go to Configuration > Security.
  2. In the Web Filter With Inline-CASB widget, click Customize.
  3. Enable FortiGuard Category Based Filter.
  4. By default, FortiSASE allows access to FortiGuard categories when you enable the FortiGuard category-based filter. To change the category action to Monitor or Block, select the desired category, then select Monitor or Block. The following provides descriptions of the actions:

    Type

    Description

    Allow

    Passes the traffic to the remaining web filters, antivirus inspection engine, and DLP inspection engine. If the URL does not appear in the URL list, FortiSASE allows the traffic.

    Monitor

    Processes the traffic the same way as the Allow action. For the Monitor action, FortiSASE generates a log message each time it establishes a matching traffic pattern.

    Block

    Denies or blocks attempts to access any URL that belongs to the category. A replacement message displays.

  5. Under URL Filter, click Create.
  6. Configure the URL filter:
    1. In the URL field, enter the desired URL.
    2. For Type, select one of the following:

      Type

      Description

      Simple

      Tries to strictly match the full context. For example, if you enter www.facebook.com in the URL field, it only matches traffic with www.facebook.com. It does not match facebook.com or message.facebook.com. When FortiSASE finds a match, it performs the selected URL action.

      Wildcard

      Tries to match the pattern based on the rules of wildcards. For example, if you enter *fa* in the URL field, it matches all the content that has fa such as www.facebook.com, message.facebook.com, fast.com, and so on. When FortiSASE finds a match, it performs the selected URL action.

      RegExp

      Tries to match the pattern based on the rules of regular expressions. When FortiSASE finds a match, it performs the selected URL action.

    3. For Action, select one of the following:

      Type

      Description

      Allow

      Passes the traffic to the remaining web filters, antivirus inspection engine, and DLP inspection engine. If the URL does not appear in the URL list, FortiSASE allows the traffic.

      Block

      Denies or blocks attempts to access any URL that matches the URL pattern. A replacement message displays.

      Exempt

      Allows the traffic to pass through, bypassing other web filters, antivirus inspection engine, and DLP inspection engine.

      Monitor

      Processes the traffic the same way as the Allow action. For the Monitor action, FortiSASE generates a log message each time it establishes a matching traffic pattern.

    4. Configure the status as desired.
  7. Click OK.
Previous
Next

Restricting web usage using FortiGuard URL categories and URL filter

To restrict web usage using FortiGuard URL categories and URL filter:
  1. Go to Configuration > Security.
  2. In the Web Filter With Inline-CASB widget, click Customize.
  3. Enable FortiGuard Category Based Filter.
  4. By default, FortiSASE allows access to FortiGuard categories when you enable the FortiGuard category-based filter. To change the category action to Monitor or Block, select the desired category, then select Monitor or Block. The following provides descriptions of the actions:

    Type

    Description

    Allow

    Passes the traffic to the remaining web filters, antivirus inspection engine, and DLP inspection engine. If the URL does not appear in the URL list, FortiSASE allows the traffic.

    Monitor

    Processes the traffic the same way as the Allow action. For the Monitor action, FortiSASE generates a log message each time it establishes a matching traffic pattern.

    Block

    Denies or blocks attempts to access any URL that belongs to the category. A replacement message displays.

  5. Under URL Filter, click Create.
  6. Configure the URL filter:
    1. In the URL field, enter the desired URL.
    2. For Type, select one of the following:

      Type

      Description

      Simple

      Tries to strictly match the full context. For example, if you enter www.facebook.com in the URL field, it only matches traffic with www.facebook.com. It does not match facebook.com or message.facebook.com. When FortiSASE finds a match, it performs the selected URL action.

      Wildcard

      Tries to match the pattern based on the rules of wildcards. For example, if you enter *fa* in the URL field, it matches all the content that has fa such as www.facebook.com, message.facebook.com, fast.com, and so on. When FortiSASE finds a match, it performs the selected URL action.

      RegExp

      Tries to match the pattern based on the rules of regular expressions. When FortiSASE finds a match, it performs the selected URL action.

    3. For Action, select one of the following:

      Type

      Description

      Allow

      Passes the traffic to the remaining web filters, antivirus inspection engine, and DLP inspection engine. If the URL does not appear in the URL list, FortiSASE allows the traffic.

      Block

      Denies or blocks attempts to access any URL that matches the URL pattern. A replacement message displays.

      Exempt

      Allows the traffic to pass through, bypassing other web filters, antivirus inspection engine, and DLP inspection engine.

      Monitor

      Processes the traffic the same way as the Allow action. For the Monitor action, FortiSASE generates a log message each time it establishes a matching traffic pattern.

    4. Configure the status as desired.
  7. Click OK.
Previous
Next