To create a URL filter via CLI for Facebook.
Forti # config webfilter urlfilter Forti (urlfilter) edit 1 Forti (1) set name "webfilter" Forti (1) # config entries Forti (entries) edit 1 Forti (1) set url "*facebook.com" Forti (1) set type wildcard Forti (1) set action block Forti (1) next Forti (entries) end Forti (1) next
Now, it is possible to call that URL filter a web filter profile.
Forti # config webfilter profile Forti (profile) edit "webprofile" Forti (webprofile) # config web Forti (web) set urlfilter-table <-----urlfilter-table Enter an integer value from <0> to <4294967295>. 1 webfilter <----- URL table which was created earlier. Forti (web) set urlfilter-table 1 Forti (web) end Forti (webprofile) config ftgd-wf <----- FortiGuard web filter settings. Forti (ftgd-wf) end Forti (webprofile) next Forti (profile) end
To apply the Web Filter profile to a firewall policy:
config firewall policy
(policy) # edit 1
(1) #set webfilter-profile "webfilter"
(1) # end
To check if the configuration was applied
config firewall policy
(policy) # edit 1
(1) # show
config firewall policy edit 1 set name "WF" set srcintf "wan2" set dstintf "wan1" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set utm-status enable set inspection-mode proxy set logtraffic all set webfilter-profile "webfilter" set profile-protocol-options "protocol" set ssl-ssh-profile "protocols" set nat enable next end
Related articles:
Technical Tip: Web filter profiles in NGFW policy mode
Technical Tip: FortiGate configure web filter content filtering
|