Administration Guide

Create or edit a DNS filter profile

Click Create New to open the New DNS Filter Profile window.

Configure the following settings and then click OK:

Name

The name of the DNS filter profile.

Comments

Optional description of the DNS filter profile.

Redirect botnet C&C requests to Block Portal

The FortiGuard service continually updates the botnet C&C domain list. The botnet C&C domain blocking feature blocks access to botnet websites at the DNS name resolution stage. This provides additional protection for your network.

Enforce 'Safe search' on Google, Bing, YouTube

The DNS safe search option helps avoid explicit and inappropriate results in the Google, Bing, and YouTube search engines. The FortiProxy responds with content filtered by the search engine.

Restrict YouTube Access

Select the Strict or Moderate level of restriction for YouTube access.

This option is available only if Enforce 'Safe search' on Google, Bing, YouTube is enabled.

FortiGuard category based filter

Enable if you want to use FortiGuard categories. If the device is not licensed for the FortiGuard web-filtering service, traffic can be blocked by enabling this option.

Allow/Monitor/Redirect to Block Portal

Select the action for each FortiGuard category: Allow, Monitor, or Redirect to Block Portal.

Static Domain Filter

Domain Filter

Enable to create or edit domain filters. See Create or edit a domain filter.

External IP Block Lists

Enable to create or select a list of external IP addresses to block. See External Connectors.

DNS Translation

This setting allows you to translate a DNS-resolved IP address to another IP address that you specify on a per-policy basis. See Create or edit a DNS translation entry.

Options

Redirect Portal IP

If you want the FortiProxy unit to use the portal IP address to replace the resolved IP address in the DNS response packet, select Use FortiGuard Default or Specify. If you select Specify, enter the portal IP address.

Allow DNS requests when a rating error occurs

Enable to allow access to domains that return a rating error from the web filter service.

If your unit is temporarily unable to contact the FortiGuard service, this setting determines what access the unit allows until contact is re-established. If enabled, users will have full unfiltered access to all domains. If disabled, users will not be allowed access to any domains.

Log all DNS queries and responses

Enable if you want DNS queries and responses logged.

API Preview

The API Preview allows you to view all REST API requests being used by the page. You can make changes on the page that are reflected in the API request preview. This feature is not available if the user is logged in as an administrator that has read-only GUI permissions.

To use the API Preview:
  1. Click API Preview. The API Preview pane opens, and the values for the fields are visible (data). If a new object is being created, the POST request is shown.

  2. Enable Show modified changes only to show the modified changes instead of the full configuration in the preview.

  3. Click Copy to Clipboard to copy the JSON code shown on the preview screen to the clipboard.

  4. Click Close to leave the preview.
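The JSON copied from the API Preview can be checked offline before the profile is saved. The following is an added example, not Fortinet code: it audits a profile for the three settings above that most affect protection and visibility (botnet C&C redirection, behavior on rating errors, and DNS logging). The sample profile is constructed, and the key names are assumptions; substitute the names that your own preview shows.

```python
import json

# Constructed sample standing in for JSON copied from the API Preview pane.
# Key names are assumptions for illustration; use the names your preview shows.
SAMPLE_PROFILE = json.loads("""
{
  "name": "branch-dns",
  "block-botnet": "enable",
  "safe-search": "disable",
  "log-all-domain": "disable",
  "ftgd-dns": {"options": "error-allow"}
}
""")


def audit_dns_filter_profile(profile):
    """Return (setting, finding) pairs for choices that weaken DNS filtering."""
    findings = []

    # Botnet C&C lookups should be redirected at the name-resolution stage.
    if profile.get("block-botnet") != "enable":
        findings.append(("Redirect botnet C&C requests to Block Portal",
                         "disabled: C&C domains resolve normally"))

    # Fail-open: with rating errors allowed, a FortiGuard outage gives
    # users unfiltered access to all domains until contact is re-established.
    options = str((profile.get("ftgd-dns") or {}).get("options", "")).split()
    if "error-allow" in options:
        findings.append(("Allow DNS requests when a rating error occurs",
                         "enabled: filtering fails open during rating errors"))

    # Without query/response logging there is no record to investigate.
    if profile.get("log-all-domain") != "enable":
        findings.append(("Log all DNS queries and responses",
                         "disabled: no DNS audit trail"))
    return findings


if __name__ == "__main__":
    for setting, finding in audit_dns_filter_profile(SAMPLE_PROFILE):
        print(f"{SAMPLE_PROFILE['name']}: {setting} -> {finding}")
```

Disabling the rating-error option is the fail-closed choice: users are not allowed access to any domains until contact with FortiGuard is re-established, so weigh it against availability requirements.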

To edit a DNS filter profile:
  1. Go to Security Profiles > DNS Filter.

  2. Select the profile you want to edit and then click Edit from the toolbar or double-click on the profile name in the list. The Edit DNS Filter Profile window opens.

  3. Edit the information as required and then select OK to save your changes.
