|
When a local category is created as follows:
# config webfilter ftgd-local-cat
edit "custom1"
set id 140
next
It can be applied with different actions in the web filter profile:
# config webfilter profile
edit "teeest"
# config ftgd-wf
# config filters
edit 1
set category 140
next
end
end
next
end
The category can have different 'action' values as follows.
Pay attention to 'allow' action which has different behavior in comparison to the regular Fortiguard categories:
'Block' → Self explanatory, blocks all URL under this category.
'Authenticate' → Only available in proxy mode, will require client authentication in order to allow access to the category
'Warning' → Displays warning page and 'proceed' button, note that a 'block' action will be logged in the logs in case of warning page.
'Allow' → For local categories, allow means that the local category is allowed, but then the default FortiGuard category is applied and action is taken based on the URL fortiguard category.
'Monitor' → Allows the local category without further checking the Fortiguard category, also creates a log.
In summary, for local category to fully bypass the original FortiGuard category, action 'monitor' have to be used.
|
