Web Filter
Web Filter allows you to block, allow, warn, and monitor web traffic based on URL category or custom URL filters. When a domain is detected, the URL is sent to FortiGuard for categorization. FortiClient then takes action based on the returned category. You can create a custom URL filter exclusion list that overrides the FortiGuard category.
Since FortiClient cannot perform deep inspection and instead leverages certificate inspection for HTTPS websites, FortiClient also cannot present a block page with a trusted connection. This is seen as a browser certificate warning. To avoid this, there are two options:
- Leverage the web browser plugin for HTTPS web filtering. See Web browser plugin for HTTPS web filtering.
- Action On HTTPS Site Blocking. See the FortiClient EMS Administration Guide.
FortiClient inspects all web traffic, not just traffic that a web browser generates. This means you may get web filter certificate warnings or popups for other applications, such as Outlook.
![]() |
If FortiClient cannot contact FortiGuard, FortiClient blocks all web traffic by default. To configure FortiClient to allow web traffic when FortiGuard is unreachable, see the FortiClient XML Reference Guide. |