FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
bvagadia
Staff
Staff
Article Id 207879
Description This article describes how to configure web filters and URL filter via CLI.
Scope FortiGate.
Solution

To create a URL filter via CLI for Facebook.

 

Forti # config webfilter urlfilter
Forti (urlfilter) edit 1
Forti (1) set name "webfilter"
Forti (1) # config entries
Forti (entries) edit 1
Forti (1) set url "*facebook.com"
Forti (1) set type wildcard
Forti (1) set action block
Forti (1) next
Forti (entries) end
Forti (1) next

 

Now, it is possible to call that URL filter a web filter profile.

 

Forti # config webfilter profile
Forti (profile) edit "webprofile"
Forti (webprofile) # config web
Forti (web) set urlfilter-table <-----urlfilter-table Enter an integer value from <0> to <4294967295>.
1 webfilter <----- URL table which was created earlier.
Forti (web) set urlfilter-table 1
Forti (web) end
Forti (webprofile) config ftgd-wf <----- FortiGuard web filter settings.
Forti (ftgd-wf) end
Forti (webprofile) next
Forti (profile) end

 

To apply the Web Filter profile to a firewall policy:

 

config firewall policy

(policy) # edit 1

(1) #set webfilter-profile "webfilter"

(1) # end

 

To check if the configuration was applied

 

config firewall policy

(policy) # edit 1

(1) # show

 

config firewall policy
    edit 1
        set name "WF"
        set srcintf "wan2"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set inspection-mode proxy
        set logtraffic all
        set webfilter-profile "webfilter"
        set profile-protocol-options "protocol"
        set ssl-ssh-profile "protocols"
        set nat enable
    next
end

 

Related articles:

Technical Tip: Web filter profiles in NGFW policy mode 

Technical Tip: FortiGate configure web filter content filtering