Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 26.1.b
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiEndpoint Administration Guide

    Secure Browser

    Secure Browser

    The secure browser feature is disabled by default and will be gradually rolled out. To be considered as an early adopter, please contact Fortinet Support. The feature supports the following OSes only:

    • Windows 11 - 21H2/22H2/23H2/24H2/25H2 (64-bit)
    • Windows 10 22H2 (64-bit)
    • Windows server 2019 or later

    Use the Profiles > Security > Secure Browser pages to secure browsing in Google Chrome on the endpoint:

    • Approve or protect for file upload/download for specific domains.
    • Protect data in specific domains by preventing pasting content from those domains.
    • Block traffic to specific website categories.
    • Block specific third-party extensions.
    To configure secure browsing:

    1. Create a list of domains and URLs to allow file upload/download or data transfer as needed:

      1. Go to the Profiles > Security > Secure Browser > Domain Groups page and click Add Group.

      2. Specify a name for the domain group. For example, Allow file upload. The domain group name is case-sensitive.

      3. Optionally, provide a description.

      4. Click Add Domain and specify the exact URL of the website to approve or protect. For example, www.abc.com. Wildcard is unsupported.

        Repeat this step to add more URLs to the group as needed.

      5. Click Save.

      6. Repeat the procedure to add more domain group as needed.

        You can also edit, clone, or delete a domain group using the following options:

    2. Create a secure browser policy and connect the domain groups to it:

      1. Go to the Profiles > Security > Secure Browser > Policies page and click Add Policy.

      2. Specify a name for the policy. The policy name is case-sensitive.

      3. Select the Collector groups that the policy applies to.

      4. Click Save to save the policy.

        The policy appears in the list.

      5. (Optional) Add or remove Collector groups for the policy in the Collector group column.

        A Collector group can only be added to one secure browser policy.

      6. Expand the row of the policy in the table and configure the rules to associate with the policy.

        FortiEndpoint EDR provides the following built-in rules, which are all enabled by default. Click the Enable button to disable it. To edit a rule, click the Edit button to the right of the rule.

        Rule

        Description

        Prevent upload

        By default, all file uploads are blocked in the policy.

        To allow upload from specific websites, edit the rule and click Add Domain Group to select the relevant domain groups, such as Allow file upload.

        Prevent download

        By default, all file downloads are blocked in the policy.

        To allow download from specific websites, edit the rule and click Add Domain Group to select the relevant domain groups, such as Allow file download.

        Prevent data transfer

        By default, all data transfers are allowed in the policy, which means you can copy content from any website and paste it to another website.

        To prevent pasting content copied from specific websites, edit the rule and click Add Domain Group to select the relevant domain groups to the protected domain groups list. Content copied from the protected domains will then only be allowed to be pasted into the same domain or another protected domain.

        URL reputation

        By default, all website categories are allowed in the policy.

        To block or log traffic to specific website categories, edit the rule and click Add category to select the relevant categories and configure the block or log action.

        BlockPrevent user access to the website category.
        LogAllow user access to the website category but a notification will be sent about the activity.
        Prevent Third-party extension monitoring

        By default, all third-party extensions are allowed by the policy.

        To block or log specific third-party extensions:
        1. Edit the rule by clicking the Edit button to the right of the rule.

        2. Configure the block or log action, which applies to all third-party extensions in the block list.

          BlockDisable the block list of third-party extensions.
          LogAllow user access to the block list of third-party extensions but a notification will be sent about the activity.
        3. Click Add Extension to define a list of third-party extensions to block using the extension ID. You can retrieve the extension ID by turning on Developer mode in chrome://extensions/.

    3. Check incidents for secure browser in the Secure Browser tab of the Incidents view.

    Previous
    Next

    Secure Browser

    Secure Browser

    The secure browser feature is disabled by default and will be gradually rolled out. To be considered as an early adopter, please contact Fortinet Support. The feature supports the following OSes only:

    • Windows 11 - 21H2/22H2/23H2/24H2/25H2 (64-bit)
    • Windows 10 22H2 (64-bit)
    • Windows server 2019 or later

    Use the Profiles > Security > Secure Browser pages to secure browsing in Google Chrome on the endpoint:

    • Approve or protect for file upload/download for specific domains.
    • Protect data in specific domains by preventing pasting content from those domains.
    • Block traffic to specific website categories.
    • Block specific third-party extensions.
    To configure secure browsing:

    1. Create a list of domains and URLs to allow file upload/download or data transfer as needed:

      1. Go to the Profiles > Security > Secure Browser > Domain Groups page and click Add Group.

      2. Specify a name for the domain group. For example, Allow file upload. The domain group name is case-sensitive.

      3. Optionally, provide a description.

      4. Click Add Domain and specify the exact URL of the website to approve or protect. For example, www.abc.com. Wildcard is unsupported.

        Repeat this step to add more URLs to the group as needed.

      5. Click Save.

      6. Repeat the procedure to add more domain group as needed.

        You can also edit, clone, or delete a domain group using the following options:

    2. Create a secure browser policy and connect the domain groups to it:

      1. Go to the Profiles > Security > Secure Browser > Policies page and click Add Policy.

      2. Specify a name for the policy. The policy name is case-sensitive.

      3. Select the Collector groups that the policy applies to.

      4. Click Save to save the policy.

        The policy appears in the list.

      5. (Optional) Add or remove Collector groups for the policy in the Collector group column.

        A Collector group can only be added to one secure browser policy.

      6. Expand the row of the policy in the table and configure the rules to associate with the policy.

        FortiEndpoint EDR provides the following built-in rules, which are all enabled by default. Click the Enable button to disable it. To edit a rule, click the Edit button to the right of the rule.

        Rule

        Description

        Prevent upload

        By default, all file uploads are blocked in the policy.

        To allow upload from specific websites, edit the rule and click Add Domain Group to select the relevant domain groups, such as Allow file upload.

        Prevent download

        By default, all file downloads are blocked in the policy.

        To allow download from specific websites, edit the rule and click Add Domain Group to select the relevant domain groups, such as Allow file download.

        Prevent data transfer

        By default, all data transfers are allowed in the policy, which means you can copy content from any website and paste it to another website.

        To prevent pasting content copied from specific websites, edit the rule and click Add Domain Group to select the relevant domain groups to the protected domain groups list. Content copied from the protected domains will then only be allowed to be pasted into the same domain or another protected domain.

        URL reputation

        By default, all website categories are allowed in the policy.

        To block or log traffic to specific website categories, edit the rule and click Add category to select the relevant categories and configure the block or log action.

        BlockPrevent user access to the website category.
        LogAllow user access to the website category but a notification will be sent about the activity.
        Prevent Third-party extension monitoring

        By default, all third-party extensions are allowed by the policy.

        To block or log specific third-party extensions:
        1. Edit the rule by clicking the Edit button to the right of the rule.

        2. Configure the block or log action, which applies to all third-party extensions in the block list.

          BlockDisable the block list of third-party extensions.
          LogAllow user access to the block list of third-party extensions but a notification will be sent about the activity.
        3. Click Add Extension to define a list of third-party extensions to block using the extension ID. You can retrieve the extension ID by turning on Developer mode in chrome://extensions/.

    3. Check incidents for secure browser in the Secure Browser tab of the Incidents view.

    Previous
    Next