svkamleshkumar
Article Id 336243
Description

This article describes the ad-blocking feature of FortiGate for websites that display advertisements.

Scope

FortiGate.
Solution

Follow the steps below to block advertisements that appear on various websites on the internet.

Step 1: Configuring a UTM Profile to block Advertisements.

 

  • Navigate to Security Profiles -> DNS filter -> Create a new profile.

 

svkamleshkumar_0-1724630290019.png


Step 2: Configuring a firewall policy.


Apply the newly created DNS filter profile to an outbound policy that uses proxy-based inspection mode. Ensure that the user's DNS traffic passes through this policy. If the client machine uses a public DNS server for hostname resolution, apply the DNS filter on the firewall policy that accepts traffic from LAN to WAN.

 

svkamleshkumar_1-1724630290028.png

 

This configuration inspects all DNS requests destined for the public DNS servers. When the hostname in a DNS request falls into the advertisement category, FortiGate blocks the request.

 

Step 3: Verification.

To confirm that advertisements on the website are blocked successfully, visit the site using an incognito or InPrivate window. Then, review the FortiGate DNS filter logs for events similar to the examples shown below.

 

svkamleshkumar_2-1724630290046.png
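To support the verification in Step 3, the following added example (not part of the original article or Fortinet's tooling) parses exported DNS filter log lines and separates advertising lookups that were blocked from those that were allowed, which points to clients whose DNS traffic does not pass through the policy carrying the profile. It assumes the key=value log format with the fields `subtype`, `qname`, `action`, `catdesc`, `srcip` and `profile`; the sample lines, addresses and profile names are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in FortiGate key=value log style (assumed field names).
SAMPLE_LOGS = '''\
date=2024-08-26 time=10:01:12 type="utm" subtype="dns" eventtype="dns-response" level="warning" policyid=1 srcip=10.0.0.5 qname="ads.example.net" qtype="A" action="block" cat=17 catdesc="Advertising" profile="block-ads"
date=2024-08-26 time=10:01:13 type="utm" subtype="dns" eventtype="dns-response" level="notice" policyid=1 srcip=10.0.0.5 qname="www.example.com" qtype="A" action="pass" cat=52 catdesc="Information Technology" profile="block-ads"
date=2024-08-26 time=10:01:15 type="utm" subtype="dns" eventtype="dns-response" level="warning" policyid=1 srcip=10.0.0.7 qname="track.ads.example.net" qtype="AAAA" action="block" cat=17 catdesc="Advertising" profile="block-ads"
date=2024-08-26 time=10:01:20 type="traffic" subtype="forward" policyid=1 srcip=10.0.0.7 dstip=198.51.100.53 dstport=53 action="accept"
date=2024-08-26 time=10:01:31 type="utm" subtype="dns" eventtype="dns-response" level="notice" policyid=2 srcip=10.0.0.9 qname="banner.example.org" qtype="A" action="pass" cat=17 catdesc="Advertising" profile="default"
'''

# key=value pairs; values are either double-quoted or a bare token.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Turn one key=value log line into a dict of strings."""
    return {key: quoted or bare for key, quoted, bare in KV.findall(line)}


def summarize(log_text, category="Advertising"):
    """Count DNS filter events in `category`, split into blocked and not blocked.

    Keys are (source IP, queried name, DNS filter profile).
    """
    blocked, missed = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        # Only DNS filter events in the category of interest are relevant.
        if rec.get("subtype") != "dns" or rec.get("catdesc") != category:
            continue
        key = (rec.get("srcip"), rec.get("qname"), rec.get("profile"))
        if rec.get("action") == "block":
            blocked[key] += 1
        else:
            # An advertising lookup that was allowed: this client's DNS traffic
            # matched a policy or profile that does not block the category.
            missed[key] += 1
    return blocked, missed


if __name__ == "__main__":
    blocked, missed = summarize(SAMPLE_LOGS)
    for (src, name, profile), n in blocked.items():
        print(f"BLOCKED  {src:<10} {name:<24} profile={profile} x{n}")
    for (src, name, profile), n in missed.items():
        print(f"ALLOWED  {src:<10} {name:<24} profile={profile} x{n}")
```

Any `ALLOWED` row identifies a source address and profile to check against the firewall policy configured in Step 2.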