Fortinet black logo

Cookbook

5.4.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.0
6.0.0
5.6.0
5.4.0

Blocking social media websites using FortiGuard categories

Blocking social media websites using FortiGuard categories

This recipe explains how to block access to social media websites using FortiGuard categories. An active license for FortiGuard Web Filtering service is required.

Web filtering with FortiGuard categories allows you to take action against a group of websites, whereas a Static URL Filter is intended to block or monitor specific URLs. Consult this blog post to determine whether to use FortiGuard categories or a Static URL Filter to control your internal network’s access to websites.

If you wish to use a static URL filter to block access to a website and its subdomains, follow the example described in Blocking Facebook with Web Filtering.

1. Enabling the Web Filter feature

Go to System > Feature Select and confirm that the Web Filter feature is enabled.

2. Editing the default Web Filter profile

Go to Security Profiles > Web Filter and edit the default Web Filter profile. Confirm that the FortiGuard category based filter is enabled. FortiGuard’s web filtering categories are organized into six main groups; descriptions can be found at FortiGuard Center.

Right-click on the General Interest – Personal FortiGuard category. Scroll down to the Social Networking subcategory and right-click again. Select Block.

3. Adding the Web Filter profile to the Internet access policy

Go to Policy & Objects > IPv4 Policy, and click Create New. Give the policy a name that identifies its use.

Set Incoming Interface to the internal network and set Outgoing Interface to the Internet-facing interface.

Enable NAT.

Under Security Profiles, enable Web Filter and select the default web filter profile.

Enable HTTPS traffic. Using the deep-inspection profile may cause certificate errors. See Preventing certificate warnings for more information.

In order to be applied to Internet traffic, the new policy has to be higher in the policy sequence than any other policy that could manage the same traffic. Confirm this under Policy & Objects > IPv4 Policy by viewing policies By Sequence.

To move a policy up or down, click and drag the far-left column of the policy.

4. Results

Attempt to visit a social networking site such as facebook.com, twitter.com, or meetup.com. The HTTPS protocol is automatically applied to these addresses, even if it is not entered.

A FortiGuard Web Page Blocked! message appears when attempting to visit sites in the blocked category.

Go to FortiView > Websites and select the 5 minutes view. The blocked social networking sites are listed in the Domain column.

For further reading, check out FortiGuard Web Filtering Service in the FortiOS 5.4 Handbook.

Previous
Next

Related Videos

sidebar video

Blocking Social Media

  • 64,422 views
  • 7 years ago

Blocking social media websites using FortiGuard categories

This recipe explains how to block access to social media websites using FortiGuard categories. An active license for FortiGuard Web Filtering service is required.

Web filtering with FortiGuard categories allows you to take action against a group of websites, whereas a Static URL Filter is intended to block or monitor specific URLs. Consult this blog post to determine whether to use FortiGuard categories or a Static URL Filter to control your internal network’s access to websites.

If you wish to use a static URL filter to block access to a website and its subdomains, follow the example described in Blocking Facebook with Web Filtering.

1. Enabling the Web Filter feature

Go to System > Feature Select and confirm that the Web Filter feature is enabled.

2. Editing the default Web Filter profile

Go to Security Profiles > Web Filter and edit the default Web Filter profile. Confirm that the FortiGuard category based filter is enabled. FortiGuard’s web filtering categories are organized into six main groups; descriptions can be found at FortiGuard Center.

Right-click on the General Interest – Personal FortiGuard category. Scroll down to the Social Networking subcategory and right-click again. Select Block.

3. Adding the Web Filter profile to the Internet access policy

Go to Policy & Objects > IPv4 Policy, and click Create New. Give the policy a name that identifies its use.

Set Incoming Interface to the internal network and set Outgoing Interface to the Internet-facing interface.

Enable NAT.

Under Security Profiles, enable Web Filter and select the default web filter profile.

Enable HTTPS traffic. Using the deep-inspection profile may cause certificate errors. See Preventing certificate warnings for more information.

In order to be applied to Internet traffic, the new policy has to be higher in the policy sequence than any other policy that could manage the same traffic. Confirm this under Policy & Objects > IPv4 Policy by viewing policies By Sequence.

To move a policy up or down, click and drag the far-left column of the policy.

4. Results

Attempt to visit a social networking site such as facebook.com, twitter.com, or meetup.com. The HTTPS protocol is automatically applied to these addresses, even if it is not entered.

A FortiGuard Web Page Blocked! message appears when attempting to visit sites in the blocked category.

Go to FortiView > Websites and select the 5 minutes view. The blocked social networking sites are listed in the Domain column.

For further reading, check out FortiGuard Web Filtering Service in the FortiOS 5.4 Handbook.

Previous
Next