Fortinet black logo

Version:

7.2.0
7.0.8
7.0.7

Version:

7.0.6
7.0.5
7.0.4

Version:

7.0.3
7.0.2
7.0.1

Version:

7.0.0
6.4.9
6.4.8

Version:

6.4.7
6.4.6
6.4.5

Version:

6.4.4
6.4.3
6.4.2

Version:

6.4.1
6.4.0
6.2.9

Version:

6.2.8
6.2.7
6.2.6

Version:

6.2.5
6.2.4
6.2.3

Version:

6.2.2
6.2.1
6.2.0

Version:

6.0.10
6.0.9
6.0.8

Version:

6.0.7
6.0.6
6.0.5

Version:

6.0.4
6.0.3
6.0.2

Version:

6.0.1
6.0.0
5.6.6

Version:

5.6.5
5.6.4
5.6.3

Version:

5.6.2
5.6.1
5.6.0

Version:

5.4.5
5.4.4
5.4.3

Version:

5.4.2
5.4.1
5.4.0

Table of Contents

Administration Guide

6.4.8
7.2.0
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
Download PDF
Copy Link

Web Filter

Web Filter allows you to block, allow, warn, and monitor web traffic based on URL category or custom URL filters. When a domain is detected, the URL is sent to FortiGuard for categorization. FortiClient then takes action based on the returned category. You can create a custom URL filter exclusion list that overrides the FortiGuard category.

Since FortiClient cannot perform deep inspection and instead leverages certificate inspection for HTTPS websites, FortiClient also cannot present a block page with a trusted connection. This is seen as a browser certificate warning. To avoid this, there are two options:

FortiClient inspects all web traffic, not just traffic that a web browser generates. This means you may get web filter certificate warnings or popups for other applications, such as Outlook.

note icon

If FortiClient cannot contact FortiGuard, FortiClient blocks all web traffic by default. To configure FortiClient to allow web traffic when FortiGuard is unreachable, see the FortiClient XML Reference Guide.

Web Filter

Web Filter allows you to block, allow, warn, and monitor web traffic based on URL category or custom URL filters. When a domain is detected, the URL is sent to FortiGuard for categorization. FortiClient then takes action based on the returned category. You can create a custom URL filter exclusion list that overrides the FortiGuard category.

Since FortiClient cannot perform deep inspection and instead leverages certificate inspection for HTTPS websites, FortiClient also cannot present a block page with a trusted connection. This is seen as a browser certificate warning. To avoid this, there are two options:

FortiClient inspects all web traffic, not just traffic that a web browser generates. This means you may get web filter certificate warnings or popups for other applications, such as Outlook.

note icon

If FortiClient cannot contact FortiGuard, FortiClient blocks all web traffic by default. To configure FortiClient to allow web traffic when FortiGuard is unreachable, see the FortiClient XML Reference Guide.