FortiGuard filter
To use this service, you must have a valid subscription on your FortiGate.
FortiGuard filter enhances the Web Filter features supplied with your FortiGate unit by sorting billions of web pages into a wide range of categories that users can allow or block.
FortiGuard Web Filter services includes over 45 million individual website rating that applies to more than two billion pages. When FortiGuard filter is enabled in a Web Filter and is applied to firewall policies, if a request for a web page appears in traffic controlled by one of the firewall policies, the URL is sent to the nearest FortiGuard server. The URL category or rating is returned. If the category is blocked, the FortiGate shows a replacement message in place of the requested page. If the category is not blocked, the page request is sent to the requested URL as normal.
FortiGuard Web Filter action
You can select one of the following FortiGuard Web Filter actions:
FortiGuard Web Filter Action |
Description |
---|---|
Allow |
Permit access to the sites in the category. |
Block |
Prevent access to the sites in the category. Users trying to access a blocked site sees a replacement message indicating the site is blocked. |
Monitor |
Permits and logs access to sites in the category. You can enable user quotas when you enable this action. |
Warning |
Displays a message to the user allowing them to continue if they choose. |
Authenticate |
Requires the user to authenticate with the FortiGate before allowing access to the category or category group. |
FortiGuard Web Filter categories
FortiGuard has many Web Filter categories including two local categories and a special remote category. For more information on the different categories, see the table below.
FortiGuard Web Filter category |
Where to find more information |
---|---|
All URL categories |
|
Remote category |
The priority of categories is local category > external category > FortiGuard built-in category. If a URL is configured as a local category, it only follows the behavior of local category and not external or FortiGuard built-in category.
Sample configuration of blocking a web category
This example shows blocking a website based on its category (rating), for example, information technology.
To block a category in the GUI:
- Go to Security Profiles > Web Filter and go to the FortiGuard category based filter section.
- Open the General Interest - Business section by clicking the + icon beside it.
- Select Information Technology and then select Block.
To block a category in the CLI:
config webfilter profile edit "webfilter" config ftgd-wf unset options config filters edit 1 set category 52 <-- the pre-set id of "information technology" caterogy set action block <-- set action to block next end end next end
To validate that you have blocked a category:
- Go to a website belonging to the blocked category, for example, www.fortinet.com, and you see a blocked page and the category that is blocked.
To view the log of a blocked website in the GUI:
- Go to Log & Report > Web Filter.
To view the log of a blocked website in the CLI:
FGT52E-NAT-WF # execute log filter category utm-webfilter FGT52E-NAT-WF # execute log display 1: date=2019-04-22 time=13:46:25 logid="0316013056" type="utm" subtype="webfilter" eventtype="ftgd_blk" level="warning" vd="vdom1" eventtime=1555965984972459609 policyid=1 sessionid=659263 srcip=10.1.200.15 srcport=49234 srcintf="wan2" srcintfrole="wan" dstip=54.183.57.55 dstport=80 dstintf="wan1" dstintfrole="wan" proto=6 service="HTTP" hostname="www.fortinet.com" profile="webfilter" action="blocked" reqtype="direct" url="/" sentbyte=386 rcvdbyte=0 direction="outgoing" msg="URL belongs to a denied category in policy" method="domain" cat=52 catdesc="Information Technology"
Sample configuration of issuing a warning
This example shows issuing a warning when a user visits a website based on its category (rating), for example, information technology.
To configure a warning in the GUI:
- Go to Security Profiles > Web Filter and go to the FortiGuard category based filter section.
- Open the General Interest - Business section by clicking the + icon beside it.
- Select Information Technology and then select Warning.
- Set the Warning Interval which is the interval when the warning page appears again after the user chooses to continue.
To configure a warning in the CLI:
config webfilter profile edit "webfilter" config ftgd-wf unset options config filters edit 1 set category 52 set action warning <-- set action to warning next end end next end
To validate that you have configured the warning:
- Go to a website belonging to the selected category, for example, www.fortinet.com, and you see a warning page where you can choose to Proceed or Go Back.
Sample configuration of authenticating a web category
This example shows authenticating a website based on its category (rating), for example, information technology.
To authenticate a category in the GUI:
- Go to Security Profiles > Web Filter and go to the FortiGuard category based filter section.
- Open the General Interest - Business section by clicking the + icon beside it.
- Select Information Technology and then select Authenticate.
- Set the Warning Interval which is the interval when the authentication page appears again after authentication.
- Click the + icon beside Selected User Group and select a user group. You must have a valid user group to use this feature.
To authenticate a category in the CLI:
config webfilter profile edit "webfilter" config ftgd-wf unset options config filters edit 1 set category 52 set action authenticate <-- set the action of authenticate set auth-usr-grp "local_group" <-- user to authenticate next end end next end
To validate that you have configured authentication:
- Go to a website belonging to the selected category, for example, www.fortinet.com. First, you see a warning page where you can choose to Proceed or Go Back.
- Click Proceed to check that the authentication page appears.
- Enter the username and password of the user group you selected, and click Continue.
If the credentials are correct, the traffic is allowed through.
Sample customization of the replacement page
When the FortiGuard Web Filter action is Block, Warning, or Authenticate, there is a Customize option for you to customize the replace page.
To customize the replace page:
- Go to Security Profiles > Web Filter and go to the FortiGuard category based filter section.
- Right-click the item and select Customize.
- A pane appears for you to customize the page.