FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
hhashemi
Staff
Staff

Description

This article explains how to allow Facebook without video while the Social Networking category is blocked in the Web Filter Profile.


Solution

1) Import the FortiGate CA certificate into the web browsers on the PCs behind the FortiGate unit in the internal network.

2) Clear web search history, web cache and cookies on the web browsers.

3) Create a new Web Filter profile and set the Social Networking category to block.
FortiGuard Categories > General Interest – Personal > Social Networking.

4) Create new Web Filter Overrides for the following URLs:
static.xx.fbcdn.net
scontent.xx.fbcdn.net
external.xx.fbcdn.net

Note: In some case, if Facebook.com is loading partially on the browser then the above URLs must be overriden.

5) Enable Web Filter Profile and SSL Deep Inspection in the Firewall Policy.

6) The Facebook website can now be browsed but Facebook Videos will be blocked because the URL "video.xx.fbcdn.net" was not overriden and it is blocked as Social networking category.

In the case where videos should also be allowed, it will be necessary to create a new Web Filter Override for "video.xx.fbcdn.net" as it shown in step 4.

 

 

 

Contributors