Web Filtering on Fortinet Firewalls

We will go over how to use FortiGuard categories to restrict access to social media websites. Note that this function requires an active FortiGuard web filtering service license.

When you use FortiGuard categories for web filtering, you can take action against a whole group of websites, whereas a static URL filter is designed to block or track a single URL.

Fig 1.1- Web Filtering on FortiGate/FortiGuard

Navigate to System > Feature Visibility and enable the Web Filter feature. You need to edit the default settings of the web filtering from default to block the social media sites as

Go to Security Profiles > Web Filter, edit the default web filter profile, and make sure that the “FortiGuard category-based” filter service is enabled.

Right-click on the General Interest FortiGuard category. Scroll down to the Social Networking subcategory and set the action to “Block” as shown below.

Fig 1.2- Web Filtering on FortiGate Firewalls

Add the web filter profile to the internet access policy. Go to Policy & Objects > Firewall Policy and create a new policy.

Fig 1.3- Web Filtering on FortiGate Firewalls

Give the policy the name "Blocking-social-media" to make it clear what it is. Set the outgoing interface to the internet and the incoming interface to the internal network. Enable "NAT" and make sure "Use Outgoing Interface Address" is enabled, then set the remaining options to allow "ALL" traffic (or add multiple entries by selecting the + icon) and set the action to "Accept".

Further down the page, under Security Profiles, enable Web Filter, choose the default web filter profile, and save the configuration.

Fig 1.4- Web Filtering on FortiGate Firewalls

You have now successfully enabled the social media blocking policy. Move this policy to the top of the list to make it effective.
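
The last step matters because firewall policies are evaluated top-down and the first match wins. The script below is an added example, not part of the original article or Fortinet tooling: it parses a `show firewall policy` export and lists earlier accept policies without a web filter profile that would match the same traffic first. The sample config, interface names (`internal`, `wan1`) and policy IDs are constructed assumptions, and the export is assumed to list policies in evaluation order.

```python
import re, shlex
# Constructed `show firewall policy` excerpt; interface names and IDs are assumptions.
SAMPLE = '''
config firewall policy
    edit 1
        set name "Allow-Internet"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "ALL"
    next
    edit 2
        set name "Blocking-social-media"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "ALL"
        set utm-status enable
        set webfilter-profile "default"
    next
end
'''

KEYS = ("srcintf", "dstintf", "srcaddr", "dstaddr", "service")
WILDCARDS = {"any", "all", "ALL"}

def parse_policies(text):
    """Return policies in top-down order as dicts mapping each key to a value list."""
    policies, current = [], None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"edit (\d+)", line):
            current = {"id": int(m.group(1))}
        elif line == "next" and current is not None:
            policies.append(current)
            current = None
        elif current is not None and (m := re.match(r"set (\S+) (.+)", line)):
            current[m.group(1)] = shlex.split(m.group(2))
    return policies

def shadowed_by(policies, name):
    """IDs of earlier unfiltered accept policies that match all of `name`'s traffic."""
    idx = next(i for i, p in enumerate(policies) if p.get("name") == [name])
    covers = lambda a, b: all(WILDCARDS & set(a.get(k, [])) or
                              set(b.get(k, [])) <= set(a.get(k, [])) for k in KEYS)
    return [p["id"] for p in policies[:idx] if p.get("action") == ["accept"]
            and "webfilter-profile" not in p and covers(p, policies[idx])]
```

An empty result from `shadowed_by(parse_policies(config_text), "Blocking-social-media")` means no broader unfiltered policy sits above the web filter policy.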