FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes how to configure web filter and URL filter via CLI.
To create a URL filter via CLI for Facebook.
Forti # config webfilter urlfilter Forti (urlfilter) edit 1 Forti (1) set name "webfilter" Forti (1) # config entries Forti (entries) edit 1 Forti (1) set url "*facebook.com" Forti (1) set type wildcard Forti (1) set action block Forti (1) next Forti (entries) end Forti (1) next
Now, it is possible to call that URL filter a web filter profile.
Forti # config webfilter profile Forti (profile) edit "webprofile" Forti (webprofile) # config web Forti (web) set urlfilter-table <-----urlfilter-table Enter an integer value from <0> to <4294967295>. 1 webfilter <----- URL table which was created earlier. Forti (web) set urlfilter-table 1 Forti (web) end Forti (webprofile) config ftgd-wf <----- FortiGuard web filter settings. Forti (ftgd-wf) end Forti (webprofile) next Forti (profile) end
To apply the web filter profile to a firewall policy.
# config firewall policy edit 1 set name "WF" set srcintf "wan2" set dstintf "wan1" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set utm-status enable set inspection-mode proxy set logtraffic all set webfilter-profile "webfilter" set profile-protocol-options "protocol" set ssl-ssh-profile "protocols" set nat enable next end
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.