Using the Websense Integrated Services Protocol in flow mode
Websense Integrated Services Protocol (WISP) servers can be used in flow mode, which allows the FortiGate to send traffic to the third-party web filtering service for rating. This feature was previously only supported in proxy-based security profiles.
When a WISP server is used in a web filter profile, in flow or proxy mode, the following web filter scanning priority sequence is used:
- Local URL filter
- Websense web filtering service
- FortiGuard web filtering service
To use a WISP server in flow mode:
- Configure the WISP servers:
config web-proxy wisp edit "wisp1" set server-ip 10.2.3.4 next edit "wisp2" set server-ip 10.2.3.5 next edit "wisp3" set server-ip 192.168.1.2 next edit "wisp4" set server-ip 192.168.3.4 next end
- Configure the web filter profile:
config webfilter profile edit "webfilter_flowbase" set feature-set flow config ftgd-wf unset options config filters edit 64 set category 64 set action block next end end set wisp enable set wisp-servers "wisp1" "wisp2" set wisp-algorithm {primary-secondary | round-robin | auto-learning} set log-all-url enable next end