Web Filter:

o Using the web filtering to block outbound communication to known malicious URLs.
o Reduction of the risk of infection from dangerous websites and protection of users.
o In FortiGate Firewall Web filtering classifies & controls web browsing based on content.
o Web filtering automatically prevents the attacks that leverage web as an attack vector.
o Including phishing links in emails, phishing sites, HTTP‐based command and control.
o Web Filtering prevents attacks includes malicious sites & pages that carry exploit kits.
o Web Filtering with enables safe web access, protecting users from dangerous websites.
o It restricts or controls user access to web resources & can be applied to firewall policies.
o FortiOS includes three preloaded web filter profiles default, monitor-all and wifi-default.
o Can customize these profiles, or you can create your own to manage network user access.
o The custom profile can be created based on your company’s internal security policies.
o The Web filtering should be customized to meet the unique needs of your organization.
o URL filter is called static URL filter by adding specific URLs with patterns containing text.
o URL Filter (static URL Filter) by adding specific URLs pattern containing Regular expressions.
o The FortiGate can allow, block, exempt & monitor web pages matching any specified URLs.
o The FortiGate Unit Firewall also, patterns, and can display a replacement message instead.
o Create URL filter using the GUI or CLI, after creating URL filter, attach it to web filter profile.

Go to Security Profiles > Web Filter there are preloaded three predefined web filters.

1 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717

Custom URL Filter:

To create URL filter, Go to Security Profiles > Web Filter and go to the Static URL Filter section.
Enable URL Filter.

Under URL Filter, click Create New to display New URL Filter pane. Enter www.facebook.com,
select Simple, and select Action Block also Status Enable finally, click OK button.

2 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717

 URL Filter Type Description
Simple FortiGate tries to strictly match the full context. www.facebook.com in the
URL field, it only matches traffic with www.facebook.com. It won't match
facebook.com or message.facebook.com.
Regular FortiGate tries to match the pattern based on the rules of regular
Expression or expressions or wildcards. if enter *fa* in the URL field, it matches all the
Wildcard content that has fa such as www.facebook.com, message.facebook.com,
fast.com, etc.

Action Description
Block Denies or blocks attempts to access any URL matching the URL pattern.
FortiGate displays a replacement message.
Allow The traffic is passed to the remaining FortiGuard web filters, web content
filters, web script filters, antivirus proxy operations, and DLP proxy
operations. If URL does not appear in the URL list, the traffic is permitted.
Monitor Traffic is processed the same way as the Allow action. For the Monitor
action, a log message is generated each time a matching traffic pattern.
Exempt Traffic is allowed to bypass the remaining FortiGuard web filters, web
content filters, web script filters, antivirus scanning, DLP proxy operations

To attach a web filter profile to a firewall policy, Go to Policy & Objects > IPv4 Policy. Edit the
policy that you want to enable the web filter. In the Security Profiles section, enable Web Filter
and select the profile created.

3 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717

Verification & Testing:
Validate the URL filter results by going to a blocked website. Go to the Facebook website, you
see the replacement message.

To check web filter logs in the GUI, Go to Log & Report > Web Filter.

Go to FortiView > Threats To check web filter logs.

4 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717

FortiGuard Filter:
o To use FortiGuard Filter service, you must have a valid subscription on your FortiGate.
o FortiGuard filter enhances the web filter features supplied with your FortiGate unit.
o By sorting billions of web pages into wide range of categories users can allow or block.
o The FortiGuard Web Filtering service includes over 45 million individual website ratings.
o The FortiGuard Web Filtering service, that apply to more than the two billion pages.
o When the FortiGuard filter is enabled in a web filter and is applied to firewall policies.
o if a request for a web page appears in traffic controlled by one of the firewall policies.
o The FortiGuard Web Filtering service, the URL is sent to the nearest FortiGuard server.
o The FortiGuard Web Filtering service, The URL category or rating is returned to users.
o If category is blocked, FortiGate shows replacement message in place of requested page.
o If the category is not blocked, the page request is sent to the requested URL as normal.

To block category, Go to Security Profiles > Web Filter and go to the FortiGuard category based
filter section.

Action Description
Allow Permit access to the sites in the category.
Block Prevent access to the sites in the category. Users trying to access a blocked
site sees a replacement message indicating the site is blocked.
Monitor Permits and logs access to sites in the category.
Warning Displays a message to the user allowing them to continue if they choose.
Authenticate Requires the user to authenticate with the FortiGate before allowing access.

5 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717

Open the Bandwidth Consuming- section by clicking the + icon beside it. Select Streaming
Media and Download and then select Block.

To attach a web filter profile to a firewall policy, Go to Policy & Objects > IPv4 Policy. Edit the
policy that you want to enable the web filter. In the Security Profiles section, enable Web Filter
and select the profile created.

Verification & Testing:

Validate the URL filter results by going to a blocked website. Go to the YouTube website, you
see the replacement message.

6 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717

To check web filter logs in the GUI, Go to Log & Report > Web Filter.

Warning Message:
To configure a warning, Go to Security Profiles > Web Filter and go to the FortiGuard category
based filter section. Open the General Interest - Business section by clicking the + icon beside it.
Select Web Hosting and then select Warning.

Set the Warning Interval which is the interval when the warning page appears again after the
user chooses to continue.

7 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717

To validate that configured the warning, Go to a website belonging to the selected category, for
example, www.godaddy.com & see warning page where you can choose to Proceed or Go Back.

Authenticate Message:
To configure an authentication, Go to Security Profiles > Web Filter and go to the FortiGuard
category based filter section. Open the General Interest - Business section by clicking the + icon
beside it. Select Web Hosting and then select Authenticate.

Set the Warning Interval which is the interval when the authentication page appears again after
authentication. Click the + icon beside Selected User Group and select a user group. You must
have a valid user group to use this feature.

8 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717

To validate that configured the warning, Go to a website belonging to the selected category, for
example, www.godaddy.com & see warning page where you can choose to Proceed or Go Back.

Click Proceed to check that the authentication page appears. Enter the username and password
of the user group you selected and click Continue. If the credentials are correct, the traffic is
allowed through.

9 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717

Usage Quota:
o Addition to using category and classification blocks and overrides to limit user access.
o User access to URLs, can set daily quota by category, category group, or classification.
o In FW usage Quotas allow access for a specified length of time or a specific bandwidth.
o It is calculated separately for each user and Quotas are reset every day at midnight.
o Usage Quotas can be set only for the actions of Monitor, Warning, or Authenticate.
o When the quota is reached, the traffic is blocked, and the replacement page displays.
o You can only use Usage quotas when FortiGate Unit Firewall inspection mode is Proxy.

In the Category Usage Quota section, select Create New. In the right pane, select the Category
field and then select Streaming Media and Download. For the Quota Type, select Time and set
the Total quota to 5 minute(s). Select OK and the Category Usage Quota section displays.

Validate the configuration by visiting a website in the education category, www.youtube.com

When the quota reaches its limit, traffic is blocked, and the replacement page displays.

Check the used and remaining quota in Monitor > FortiGuard Quota.

10 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717