Configure web filter profiles in NGFW policy mode 6.4.2
Web filters can be configured in NGFW policy mode, and used in security policies.
To create in web filter profile when the FortiGate is in policy mode in the GUI:
- Go to Security Profiles > Web Filter and click Create New.
Only Static URL Filter options can be configured.
- Enter a name for the profile and configure the remaining settings as required:
- Click OK.
To use the web filter profile in a security policy in the GUI:
- Go to Policy & Objects > Security Policy and click Create New.
- Enter a name for the policy, and configure the remaining settings as required.
- Under Security Profiles, enable Web Filter and select the web filter.
- Click OK.
To create in web filter profile when the FortiGate is in policy mode in the CLI:
- Configure a URL filter:
config webfilter urlfilter edit 1 set name "Auto-webfilter-urlfilter_bwv7i1r83" config entries edit 1 set url "*.bot*.com" set type wildcard set action block next end next end - Configure content filters:
config webfilter content edit 1 set name "Auto-webfilter-content_mqqyssuxd" config entries edit "gambling" set status enable next edit "news" set status enable next edit "test" set status enable next edit "example" set status enable next end next end - Configure the web filter profile:
config webfilter profile edit "webfilter-demo" set options block-invalid-url config web set bword-table 1 set urlfilter-table 1 set blacklist enable end next end
To use the web filter profile in a security policy in the CLI:
config firewall security-policy
edit 1
set name "policy-demo-1"
set srcintf "port2"
set dstintf "port1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set webfilter-profile "webfilter-demo"
set app-category 15 25
next
end