Skip to main content
sirisha
sirisha
New Member
December 21, 2017
Solved

Fortinet Web Filtering

  • December 21, 2017
  • 1 reply
  • 24543 views

Hi,

I have recently come across a doubt regarding whether, FortiNet Web Filtering can be used for blocking the access to various social media sites like, Facebook, Twitter, Instagram, etc. If yes, may I know the process involved, please.

 

Thanks in Advance.

Best answer by blackhole_route

The short answer is yes. As an example, see http://cookbook.fortinet.com/blocking-facebook-56/, the admin guide --> https://docs.fortinet.com/uploaded/files/3999/fortios-handbook-56.pdf, or the Security Profiles guide --> https://docs.fortinet.com/uploaded/files/3648/fortigate-security-profiles-56.pdf

 

The short version is that you can use web filter profiles applied to traffic to allow/deny based on category, as well as specifying url filters to allow/deny specific sites. In order to handle ssl sites, ssl inspection (certificate inspection) will need to be enabled to inspect the ssl client hello and certificate to determine the site for any ssl related communication.

 

Note that you will also need full UTM licensing in order to utilize web filtering features.

 

1 reply

blackhole_route
blackhole_routeAnswer
New Member
December 26, 2017

The short answer is yes. As an example, see http://cookbook.fortinet.com/blocking-facebook-56/, the admin guide --> https://docs.fortinet.com/uploaded/files/3999/fortios-handbook-56.pdf, or the Security Profiles guide --> https://docs.fortinet.com/uploaded/files/3648/fortigate-security-profiles-56.pdf

 

The short version is that you can use web filter profiles applied to traffic to allow/deny based on category, as well as specifying url filters to allow/deny specific sites. In order to handle ssl sites, ssl inspection (certificate inspection) will need to be enabled to inspect the ssl client hello and certificate to determine the site for any ssl related communication.

 

Note that you will also need full UTM licensing in order to utilize web filtering features.

 

Sidewaysguy
Sidewaysguy
New Member
December 29, 2017

Hi there,

 

Just to add onto what blackhole_route was saying....  The Webfilter itself is looking at the http request, but most/all social media websites use https and actually fall into the "web app" category.  As noted, the combination of security profiles is needed to properly give or deny access to web resources.

 

Cheers,

 

Sidewaysguy

aviniesky
aviniesky
New Member
January 30, 2018

Hi Guys, 

 

Can you help me with a doubt. I' evaluating Fortigate as an option to replace the actual Gateway in my job. 

One requirement i need to be accomplished by the device is web content filtering feature.

 

I saw in a previous message on this thread that I need to have a full UTM license in order to enable this feature in a Fortigate. Is it mandatory or could I access to a basic web content filtering if I don't buy this license?

 

Excuse me for my english, I hope that you understand my question.

 

Thank you very much in advance for your assistance.

Regards.

 

Terms & ConditionsAccessibility statement