FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 207879
Description This article describes how to configure web filter and URL filter via CLI.

To create a URL filter via CLI for Facebook.


Forti # config webfilter urlfilter
Forti (urlfilter) edit 1
Forti (1) set name "webfilter"
Forti (1) # config entries
Forti (entries) edit 1
Forti (1) set url "*"
Forti (1) set type wildcard
Forti (1) set action block
Forti (1) next
Forti (entries) end
Forti (1) next


Now, it is possible to call that URL filter a web filter profile.


Forti # config webfilter profile
Forti (profile) edit "webprofile"
Forti (webprofile) # config web
Forti (web) set urlfilter-table <-----urlfilter-table Enter an integer value from <0> to <4294967295>.
1 webfilter <----- URL table which was created earlier.
Forti (web) set urlfilter-table 1
Forti (web) end
Forti (webprofile) config ftgd-wf <----- FortiGuard web filter settings.
Forti (ftgd-wf) end
Forti (webprofile) next
Forti (profile) end


To apply the web filter profile to a firewall policy.


# config firewall policy
    edit 1
        set name "WF"
        set srcintf "wan2"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set inspection-mode proxy
        set logtraffic all
        set webfilter-profile "webfilter"
        set profile-protocol-options "protocol"
        set ssl-ssh-profile "protocols"
        set nat enable