Technical Tip: How to block advertisements appearing on websites

There are two methods to block advertisements that appear on various websites on the internet.
It is possible to either use the DNS filter, or the Web Filter to block this traffic

To configure the DNS filter to block advertisements:

Step 1: Navigate to Security Profiles -> DNS filter -> Create a new profile.

Step 2: Configuring a firewall policy.

Apply this newly created DNS filter profile to an outbound policy that has a proxy-based inspection mode. Ensure that the DNS traffic for the user passes through this policy. If the client machine is using a public DNS server for hostname resolutions, apply the DNS filter applied on the firewall policy accepting traffic from LAN to WAN.

This configuration will inspect all the DNS requests destined to the public DNS servers and when the hostname in the DNS request falls into the advertisement category, the request will be blocked by FortiGate.

To configure the Web Filter to block advertisements:

Step 1: Navigate to Security Profiles -> Web Filter -> Create a new profile.

Step 2: Inside of this new profile, scroll down to 'General Interest - Personal' and set Advertising to 'Block'.

Step 3: Apply this to the internet Firewall Policy for the users this change should be applied on.

To confirm that advertisements on the website are blocked successfully, visit the site using an incognito or InPrivate window. Then, review the FortiGate DNS filter or Web Filter logs for events similar to the examples shown below.