Created on
02-11-2024
07:40 AM
Edited on
02-19-2025
09:26 AM
By
Stephen_G
This article describes how to configure user authentication for a specific FortiGuard Web Filter category.
FortiGate, Web filter.
Requirements:
Configure a specific user group. It can be Local, LDAP or Radius. For this exercise, a Local user group will be used.
Note: FSSO and SAML user groups are not supported for now.
Note: The user group can be LDAP or Radius.
Go to Security Profiles -> Web Filter -> Create New -> Name, FortiGuard Category Based Filter -> Select Category -> Authenticate.
For this example, social network is used.
After, select the user group created in point 1, define the time range for warning interval in hours, minutes and/or seconds. Select OK.
Note: This warning level will define the interval, after which the timer will expire. In this particular example, after 2 hours, the user will no longer be able to access the website until the authentication happens again. This case will hold true particularly for streaming platforms such as YouTube, where the video will stop after two hours.
After, remember to select OK in the next screen to save the Web Filter Profile.
CLI reference:
Use the following command to see the website category ID:
get webfilter categories
Set the category to authenticate and add the user group.
config webfilter profile
edit "default"
config ftgd-wf
config filters
edit 36
set category 37
set action authenticate
set warn-duration 2h5m
set auth-usr-grp "usergroup"
next
end
end
next
end
Create a firewall policy and select the Web Filter 'WebAuth' profile created in point 2.
Open a web browser and try to reach any site belonging to a category such as Facebook. A certificate error may appear: to prevent this, install Fortinet_CA_SSL certificate as a trusted root certificate in the PC.
Select Proceed and authenticate with user credentials.
If authentication is successful, access will be allowed.
Go to Log & Report -> Events -> User Events.
Notes:
Related articles:
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.