Administration Guide

FortiGuard filter

FortiGuard filter enhances the web filter features supplied with your FortiGate unit by sorting billions of web pages into a wide range of categories that users can allow or block.

The FortiGuard Web Filtering service includes over 45 million individual website ratings that apply to more than two billion pages. When the FortiGuard filter is enabled in a web filter profile and the profile is applied to firewall policies, the URL of each web page request in traffic controlled by those policies is sent to the nearest FortiGuard server, which returns the URL category or rating. If the category is blocked, the FortiGate shows a replacement message in place of the requested page. If the category is not blocked, the page request is sent to the requested URL as normal.

To use this service, you must have a valid subscription on your FortiGate.

FortiGuard web filter actions

You can select one of the following FortiGuard web filter actions:

| FortiGuard Web Filter Action | Description |
| --- | --- |
| Allow | Permit access to the sites in the category. |
| Block | Prevent access to the sites in the category. Users trying to access a blocked site see a replacement message indicating the site is blocked. |
| Monitor | Permits and logs access to sites in the category. You can enable user quotas when you enable this action. |
| Warning | Displays a message to the user allowing them to continue if they choose. |
| Authenticate | Requires the user to authenticate with the FortiGate before allowing access to the category or category group. |

Note

When the action for a local or remote category is Allow, the category is disabled. The next category's action, in the order of preference, will be applied.

FortiGuard web filter categories

FortiGuard has many web filter categories including two local categories and a special remote category. For more information on the different categories, see the table below.

| FortiGuard Web Filter category | Where to find more information |
| --- | --- |
| All URL categories | https://fortiguard.com/webfilter/categories |
| Local categories | Web rating override |
| Remote category | Threat feeds |

The priority of categories is local category > external category > FortiGuard built-in category. If a URL is configured as a local category, it only follows the behavior of local category and not external or FortiGuard built-in category.
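The precedence rule and the note on Allow combine in a way that is easy to misread: setting a local category to Allow does not exempt its URLs from a FortiGuard block. The following Python model is an added example, not Fortinet code; the function `effective_action`, the threat feed name `threat-feed-1`, and the dictionary layout are assumptions made for illustration.

```python
# Tiers in the priority order given above: local > external (remote) > FortiGuard.
TIERS = ("local", "external", "fortiguard")

def effective_action(ratings, actions):
    """Return (tier, category, action) for the category that decides a request.

    ratings: tier -> category the URL is rated as in that tier (tier absent if unrated)
    actions: category -> action set for it in the web filter profile
    Returns None when no tier rates the URL (this model makes no claim for that case).
    """
    for tier in TIERS:
        category = ratings.get(tier)
        if category is None:
            continue
        action = actions[category]
        # Per the note: Allow on a local or remote category disables that
        # category, so the next category in order of preference is applied.
        if action == "allow" and tier != "fortiguard":
            continue
        return tier, category, action
    return None

if __name__ == "__main__":
    # Constructed case: URL overridden into local category custom1 (Allow),
    # while its FortiGuard category is set to Block.
    ratings = {"local": "custom1", "fortiguard": "Information Technology"}
    actions = {"custom1": "allow", "Information Technology": "block"}
    print(effective_action(ratings, actions))
```

In the constructed case the request is still blocked by the FortiGuard category, because the local Allow only disables the local category.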

Blocking a web category

This example shows blocking a website based on its category (rating).

To block a category in the GUI:
  1. Go to Security Profiles > Web Filter and edit or create a new web filter profile.
  2. In the FortiGuard category based filter section, select a category and then click Block.

  3. Configure the remaining settings as required, and then click OK.
To block a category in the CLI:
config webfilter profile
    edit "webfilter"
        config ftgd-wf
            unset options
            config filters
                edit 1
                    set category 52
                    set action block
                next
            end
        end
    next
end
To check that the category is blocked:
  1. Go to a website belonging to the blocked category, for example, www.fortinet.com in the Information Technology category.

    The page should be blocked.

To view the log of a blocked website in the GUI:
  1. Go to Log & Report > Web Filter.
  2. Select an entry with blocked in the Action column and click Details.
To view the log of a blocked website in the CLI:
# execute log filter category utm-webfilter
# execute log display

1: date=2019-04-22 time=13:46:25 logid="0316013056" type="utm" subtype="webfilter" eventtype="ftgd_blk" level="warning" vd="vdom1" eventtime=1555965984972459609 policyid=1 sessionid=659263 srcip=10.1.200.15 srcport=49234 srcintf="wan2" srcintfrole="wan" dstip=54.183.57.55 dstport=80 dstintf="wan1" dstintfrole="wan" proto=6 service="HTTP" hostname="www.fortinet.com" profile="webfilter" action="blocked" reqtype="direct" url="/" sentbyte=386 rcvdbyte=0 direction="outgoing" msg="URL belongs to a denied category in policy" method="domain" cat=52 catdesc="Information Technology"
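For review outside the FortiGate, the key=value log format above can be parsed and summarized per source and category. This Python sketch is an added example, not part of the original guide; the helper names `parse_log_line` and `blocked_by_category` are hypothetical, and the second and third sample lines are constructed.

```python
import re
from collections import Counter

# Log fields are key=value pairs; a value is either bare or double-quoted.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

SAMPLE_LINES = [
    # Line 1 is the log entry shown on this page.
    '1: date=2019-04-22 time=13:46:25 logid="0316013056" type="utm" subtype="webfilter" '
    'eventtype="ftgd_blk" level="warning" vd="vdom1" eventtime=1555965984972459609 '
    'policyid=1 sessionid=659263 srcip=10.1.200.15 srcport=49234 srcintf="wan2" '
    'srcintfrole="wan" dstip=54.183.57.55 dstport=80 dstintf="wan1" dstintfrole="wan" '
    'proto=6 service="HTTP" hostname="www.fortinet.com" profile="webfilter" '
    'action="blocked" reqtype="direct" url="/" sentbyte=386 rcvdbyte=0 '
    'direction="outgoing" msg="URL belongs to a denied category in policy" '
    'method="domain" cat=52 catdesc="Information Technology"',
    # Lines 2 and 3 are constructed for this example.
    '2: date=2019-04-22 time=13:47:02 type="utm" subtype="webfilter" eventtype="ftgd_blk" '
    'srcip=10.1.200.15 hostname="example.com" action="blocked" cat=52 '
    'catdesc="Information Technology"',
    '3: date=2019-04-22 time=13:48:10 type="utm" subtype="webfilter" eventtype="ftgd_allow" '
    'srcip=10.1.200.20 hostname="example.org" action="passthrough" cat=52 '
    'catdesc="Information Technology"',
]

def parse_log_line(line):
    """Return a dict of the key=value fields in one log line."""
    return {key: (quoted if bare == "" else bare)
            for key, quoted, bare in FIELD_RE.findall(line)}

def blocked_by_category(lines):
    """Count FortiGuard category blocks per (source IP, category description)."""
    counts = Counter()
    for line in lines:
        fields = parse_log_line(line)
        if fields.get("subtype") == "webfilter" and fields.get("eventtype") == "ftgd_blk":
            counts[(fields.get("srcip"), fields.get("catdesc"))] += 1
    return counts

if __name__ == "__main__":
    for (srcip, category), n in blocked_by_category(SAMPLE_LINES).most_common():
        print(f"{srcip} blocked {n} time(s) in category {category}")
```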

Issuing a warning on a web category

This example shows issuing a warning when a user visits a website in a specific category.

To configure a warning for a category in the GUI:
  1. Go to Security Profiles > Web Filter and edit or create a new web filter profile.
  2. In the FortiGuard category based filter section, select a category and then click Warning.
  3. Set the Warning Interval, then click OK.

    The warning interval is the amount of time until the warning appears again after the user proceeds past it.

  4. Configure the remaining settings as required, and then click OK.
To configure a warning for a category in the CLI:
config webfilter profile
    edit "webfilter"
        config ftgd-wf
            unset options
            config filters
                edit 1
                    set category 52
                    set action warning
                next
            end
        end
    next
end
To check that the warning is working:
  1. Go to a website belonging to the configured category, for example, www.fortinet.com in the Information Technology category.
  2. On the warning page, click Proceed or Go Back.

Authenticating a web category

This example shows authenticating a website based on its category (rating).

To authenticate a category in the GUI:
  1. Go to Security Profiles > Web Filter and edit or create a new web filter profile.
  2. In the FortiGuard category based filter section, select a category and then click Warning.
  3. Set the Warning Interval.

  4. Select one or more user groups, then click OK.
  5. Configure the remaining settings as required, and then click OK.
To authenticate a category in the CLI:
config webfilter profile
    edit "webfilter"
        config ftgd-wf
            unset options
            config filters
                edit 1
                    set category 52
                    set action authenticate
                    set auth-usr-grp "local_group"
                next
            end
        end
    next
end
To validate that you have configured authentication:
  1. Go to a website belonging to the configured category, for example, www.fortinet.com in the Information Technology category.
  2. On the warning page, click Proceed.

  3. Enter the username and password for the configured user group, then click Continue.

Customizing the replacement message page

When the category action is Block, Warning, or Authenticate, you can customize the replacement message page that a user sees.

To customize the replacement message page:
  1. Go to Security Profiles > Web Filter and edit or create a new web filter profile.
  2. In the FortiGuard category based filter section, right-click on a category and select Customize.
  3. Select a Replacement Message Group. See Replacement message groups for details.
  4. Optionally, click Edit FortiGuard Block Page or Edit FortiGuard Warning Page to make modifications.
  5. Click Save.
  6. Configure the remaining settings as required, and then click OK.
