Description
When a search with a word related on banned category in web filter profile is made, images of this banned category are displayed on search engine webpage such as Google images for example.
This article explains how images of this banned categories can be blocked on search engines.
Solution
- Using full SSL inspection.:
Go to Policy & Objects -> Firewall Policy and edit the policy that allows connections from the internal network to the Internet.
Set SSL Inspection to use the deep-inspection profile.
Using the deep-inspection profile may cause certificate errors.
For information about avoiding this, see Preventing certificate warnings.
Note: It is important to make sure that search engine URLs are not exempted from SSL Inspection. Examples of search engine URLs:
- google.com
- bing.com
- search.yahoo.com
- Changing the DNS records for www.google.com.
In order to force Google SafeSearch for the entire network, set the DNS entry for www.google.com (and another other Google search domains, such as www.google.ca) to be a Canonical Name (CNAME) for forcesafesearch.google.com.
This forces all search traffic to use forcesafesearch.google.com.
The method for changing the DNS records using the FortiGate varies, depending on whether the FortiGate is the network’s DNS server, or if an external server is used.
- Enabling Safe Search in the GUI:
Go to Security Profiles -> Web Filter, select the respective Web Filter Profile, Search Engines, enforce 'Safe Search' on Google, Yahoo!, Bing, Yandex (Enable this option) and select 'Apply'. The Web Filter Feature must be set to proxy-based.
This enforces the use of Safe Search in traffic controlled by the firewall policies using the 'Web Filter' profile configured.
Related articles:
