7.6.0

What is Client Web Security Architecture?


Web traffic typically follows a client-server model, where the client requests a resource or asset from the server across the public internet. Most often, these web services are web pages, but web traffic can also include videos, such as those found on many social networking platforms, file sharing, and web-based email. As the server hosts and provides the data, it is clear that the data, and therefore the server, must be protected from cyber-attacks.

However, with the growing threat landscape, bad actors have identified that web requests initiated by clients can be attacked to gain access to business assets. For this reason, it is becoming increasingly necessary to consider client web security as well.

The focus of Client Web Security (CWS) does not mirror that of advanced threat scanning, where sophisticated signature matching identifies malicious code; rather, CWS focuses on the destination and content of the traffic. This application awareness is accomplished by inspecting the traffic to understand and categorize the application’s intention, and then taking an appropriate, configurable action.

The action taken on the content of web traffic can be divided into two categories: security measures, such as preventing user credentials from being sent, and categorical filtering, such as limiting access to non-productive resources. Within these two categories, there are additional related benefits such as minimizing liability through prevention of illicit material, and reducing unrelated or non-useful web traffic, such as downloading and uploading large video files.

FortiGate is perfectly poised to leverage several NGFW components to accomplish web security. Below is a brief overview of the five components that comprise web security, and the associated FortiGate feature used to implement them.

| Web security feature | Description | FortiGate Implementation |
| --- | --- | --- |
| Encryption Inspection | The vast majority of web traffic, from web pages to streaming video, is encrypted. Therefore, it is critical that the FortiGate is able to see inside encrypted traffic to evaluate the information being sent and requested. | SSL/SSH Inspection Security Profile |
| Web security and filtering | Web filtering serves as the primary shield against attacks originating from the web. The FortiGuard URL Filtering Service provides comprehensive threat protection to address threats including ransomware, credential-theft, phishing, and other web-borne attacks. It uses AI-driven behavior analysis and correlation to block unknown malicious URLs almost immediately, with near-zero false positives. The FortiGate’s WAD daemon and IPS engine send the URLs to FortiGuard in real-time for category determination. | Web Filter Security Profile |
| DNS security and filtering | DNS category filtering can be used alongside web filtering to control user access to web resources. Additional security features are available through DNS security, such as blocking known C&C domains. | DNS Filter Security Profile |
| Policy enforcement | The firewall policy is the axis around which most features of the FortiGate revolve. Any traffic going through a FortiGate has to be associated with a policy. Policies control where the traffic goes, how it is processed, if it is processed, and whether or not it is allowed to pass through the FortiGate. This enables administrators to granularly apply security based on a vast combination of identifying characteristics, such as IP address, username, and certificates. | Firewall policy |
| Logging and reporting | Logging and reporting are useful components to help you understand what is happening on your network, and to inform you about certain network activities, such as a visit to an invalid website. Reports show the recorded activity in a more readable format. A report gathers all the log information that it needs, then presents it in a graphical format with a customizable design and automatically generated charts showing what is happening on the network. | FortiAnalyzer Logging |
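The five components above meet in a single firewall policy that references the three security profiles and enables logging. The following FortiOS CLI sketch is an added example, not part of the original guide: the interface names `internal` and `wan1`, the policy name, and the FortiAnalyzer address `192.0.2.10` are assumptions, the profiles are the factory-default ones, and the `#` lines are reader annotations to remove before pasting.

```fortios
# --- Logging and reporting: send logs to FortiAnalyzer ---
# 192.0.2.10 is a placeholder (documentation range), not a real server.
config log fortianalyzer setting
    set status enable
    set server "192.0.2.10"
end

# --- Policy enforcement: one outbound policy ties the profiles together ---
config firewall policy
    # "edit 0" asks FortiOS to assign the next free policy ID.
    edit 0
        set name "client-web-security"
        # Assumed interface names; substitute the LAN and WAN interfaces in use.
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "HTTP" "HTTPS" "DNS"
        set action accept
        set nat enable
        # Security profiles only take effect once UTM is enabled on the policy.
        set utm-status enable
        # Encryption inspection: without it the web filter sees only the
        # server name and certificate, not the URL or content.
        set ssl-ssh-profile "deep-inspection"
        # Web security and filtering (FortiGuard category lookup).
        set webfilter-profile "default"
        # DNS security and filtering (category and botnet C&C blocking).
        set dnsfilter-profile "default"
        # Log every session so that reports cover allowed and blocked traffic.
        set logtraffic all
    next
end
```

Deep inspection re-signs server certificates, so clients must trust the FortiGate's CA certificate before this policy is applied, otherwise browsers show certificate warnings.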

Using two common client web security architectures, this guide demonstrates how the above features can and should be implemented in real-world use cases. These use cases are:
