FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes how to configure web filter and URL filter via CLI.
Scope
Solution
To create a URL filter via CLI for Facebook.
Forti # config webfilter urlfilter Forti (urlfilter) edit 1 Forti (1) set name "webfilter" Forti (1) # config entries Forti (entries) edit 1 Forti (1) set url "*facebook.com" Forti (1) set type wildcard Forti (1) set action block Forti (1) next Forti (entries) end Forti (1) next
Now, it is possible to call that URL filter a web filter profile.
Forti # config webfilter profile Forti (profile) edit "webprofile" Forti (webprofile) # config web Forti (web) set urlfilter-table <-----urlfilter-table Enter an integer value from <0> to <4294967295>. 1 webfilter <----- URL table which was created earlier. Forti (web) set urlfilter-table 1 Forti (web) end Forti (webprofile) config ftgd-wf <----- FortiGuard web filter settings. Forti (ftgd-wf) end Forti (webprofile) next Forti (profile) end
To apply the web filter profile to a firewall policy.
# config firewall policy edit 1 set name "WF" set srcintf "wan2" set dstintf "wan1" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set utm-status enable set inspection-mode proxy set logtraffic all set webfilter-profile "webfilter" set profile-protocol-options "protocol" set ssl-ssh-profile "protocols" set nat enable next end
