Nishtha_Baria
Article Id 272858
Description This article describes how to prevent organization users from opening links from YouTube adverts with a web filter.
Scope FortiGate.
Solution

First, it is necessary to add the following external threat feeds:

 

 

From the CLI:

 

config system external-resource
    edit "test"
        set uuid e968f1b0-4382-51ee-65d2-8c33c29cb0f5
        set category 192
        set resource "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
    next
    edit "test2"
        set uuid e9696fbe-4382-51ee-ec8f-0bf0c8f565ab
        set category 193
        set resource "https://v.firebog.net/hosts/AdguardDNS.txt"
    next
    edit "test3"
        set uuid e96a29ea-4382-51ee-4148-432505bba3fa
        set category 194
        set resource "https://v.firebog.net/hosts/Easylist.txt"
    next
    edit "test4"
        set uuid e96ae178-4382-51ee-df34-cd682e411f8f
        set category 195
        set resource "https://v.firebog.net/hosts/Easyprivacy.txt"
    next
    edit "test5"
        set uuid e96b996a-4382-51ee-eb60-9f8fda46e793
        set category 196
        set resource "https://v.firebog.net/hosts/Admiral.txt"
    next
    edit "test6"
        set uuid e96c4d42-4382-51ee-ed33-37991e5981a7
        set category 197
        set resource "https://v.firebog.net/hosts/Prigent-Ads.txt"
    next
    edit "test7"
        set uuid e96d0868-4382-51ee-a81a-d99a3ff307af
        set category 198
        set resource "https://dbl.oisd.nl/"
    next
    edit "test8"
        set uuid e96dacb4-4382-51ee-caf8-9cb36b8d92e3
        set category 199
        set resource "https://easylist.to/easylist/easylist.txt"
    next
    edit "test9"
        set uuid e96e6bf4-4382-51ee-fe6b-b3c3de8c8e61
        set category 200
        set resource "https://hosts.oisd.nl/"
    next
end

 

From the GUI:

 

Go to Security Fabric -> External Connectors -> Create New -> FortiGuard Category and enter the URLs above, as in the screenshot below:

 threatfeedgui.PNG

 

  • The next step is to create a new Web Filter profile:

    Go to Security Profiles -> Web Filter -> Create New. Name the profile. Under the FortiGuard category based filter, find the external lists under the remote categories and select the ‘Block’ action for each. Save this profile.

 webfilter.PNG

 

  • Finally, create a firewall policy, add the newly created Web Filter profile to it, and set SSL inspection to ‘Deep Inspection’ so that the web filter works properly.

 

From the CLI:

 

config firewall policy
    edit "1"
        set name "test"
        set uuid ef8a2662-437e-51ee-227f-4c73ceeb9543
        set srcintf "port2"
        set dstintf "port1"
        set action accept
        set srcaddr "pc 43"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "deep-inspection"
        set webfilter-profile "NoAds"
        set nat enable
    next
end


From the GUI:

 firewallpolicy.PNG
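
The Web Filter profile step above is shown for the GUI only. A CLI equivalent is given below as an added example that is not part of the original article; it assumes the profile name "NoAds" referenced by the firewall policy and the category IDs 192 to 200 assigned to the threat feeds in the external-resource configuration, and the filter entry IDs 1 to 9 are arbitrary.

```fortios
# Added example, not from the original article. Assumes profile name "NoAds"
# and threat feed categories 192-200 as configured above; entry IDs are arbitrary.
config webfilter profile
    edit "NoAds"
        config ftgd-wf
            config filters
                edit 1
                    set category 192
                    set action block
                next
                edit 2
                    set category 193
                    set action block
                next
                edit 3
                    set category 194
                    set action block
                next
                edit 4
                    set category 195
                    set action block
                next
                edit 5
                    set category 196
                    set action block
                next
                edit 6
                    set category 197
                    set action block
                next
                edit 7
                    set category 198
                    set action block
                next
                edit 8
                    set category 199
                    set action block
                next
                edit 9
                    set category 200
                    set action block
                next
            end
        end
    next
end
```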

 

 

 

 

  • Results:

    Browse YouTube and select a video to watch. When an advert appears, try opening the page it links to. The page will be blocked by FortiGate.

 youtubeclick.PNG

 

grammerlyblock.PNG

 

The same can be seen in the web filter logs under Log & Report -> Security Events -> Web Filter.

 

webfilter log.PNG