Web Filter allows you to block, allow, warn, and monitor web traffic based on URL category or custom URL filters. When a domain is detected, the URL is sent to FortiGuard for categorization. FortiClient then takes action based on the returned category. You can create a custom URL filter exclusion list that overrides the FortiGuard category.
Since FortiClient cannot perform deep inspection and instead leverages certificate inspection for HTTPS websites, FortiClient also cannot present a block page with a trusted connection. This is seen as a browser certificate warning. To avoid this, there are two options:
- Leverage the web browser plugin for HTTPS web filtering. See Web browser plugin for HTTPS web filtering.
- Action On HTTPS Site Blocking. See the FortiClient EMS Administration Guide.
FortiClient inspects all web traffic, not just traffic that a web browser generates. This means you may get web filter certificate warnings or popups for other applications, such as Outlook.
If FortiClient cannot contact FortiGuard, FortiClient blocks all web traffic by default. To configure FortiClient to allow web traffic when FortiGuard is unreachable, see the FortiClient XML Reference Guide.