FortiGate
naveenk
Staff
Article Id 194147

Description

 

This article describes how to block malicious websites.

In current network deployments, blocking users from accessing malicious websites, such as phishing websites, is a minimum security requirement.

 

Scope

 

FortiGate.


Solution


On UTM units like FortiGate, it is very easy to block users from accessing malicious websites in one go using the web filter feature.

Here are simple steps to achieve it.

Method One:

  1. Go to Security Profiles -> Web Filter, select 'Create New' or edit an existing web filter profile.
    Navigate to the option called 'FortiGuard category based filter', expand the 'Security Risk' category, find the sub-category 'Malicious Websites', select it, and set its action to 'Block'.

  2. Now, map this Web filter profile to the security policies.

    Go to Policy & Objects -> IPv4 Policy and select 'Create New'.
    Select the respective incoming and outgoing interfaces and the source subnets, and set the destination to ALL (as the destination is the Internet).

    Make sure to select an SSL deep inspection profile as the SSL inspection setting so that the HTTPS header is inspected properly.

Refer to the following as an example:

 
 

Method Two:

Use static URL filtering for specific sites:

  1. Go to Security Profiles -> Web Filter and select Create New.
  2. Create a new profile or edit an existing one.
  3. Scroll to the Static URL Filter section and select Create New.
  4. In the dialog box, set the URL to the address that needs to be blocked (e.g., malicious-site.com or *.malicious-site.com/*).
  5. Set the Type to Simple for exact matches or Wildcard for patterns.
  6. Set the Action to Block and Status to Enable.
  7. Select OK.
  8. Apply this Web Filter profile to the firewall policy.

 

Method Three:

Block by IP address using Internet Service Database (ISDB).

  1. Go to Policy & Objects -> Internet Service Database -> Internet Services.
  2. Use the search function to find and verify if a malicious IP address is part of a predefined service.
  3. Go to the firewall policy and add the malicious IP address or the associated Internet Service as a destination.
  4. Set the policy to deny.
  5. Ensure the FortiGate has an active subscription for FortiGuard services to get the latest ISDB information. 

 

Test by trying to access any malicious website from the user's browser.
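
The browser test covers one client; the Method One settings can also be checked offline against a configuration backup. The script below is an added example, not part of the original article or Fortinet tooling, that flags accept policies lacking a web filter profile that blocks 'Malicious Websites' or lacking SSL deep inspection. It assumes single-line `set` values, FortiGuard category ID 26 for 'Malicious Websites', and that only the built-in `no-inspection` and `certificate-inspection` profiles are non-deep; the sample config and the profile name `block-malicious` are constructed.

```python
import shlex
MALICIOUS = "26"  # assumed FortiGuard category ID of 'Malicious Websites'
WEAK_SSL = (None, "no-inspection", "certificate-inspection")  # not deep inspection
# Constructed sample in FortiOS backup syntax; the profile name is hypothetical.
SAMPLE = """config webfilter profile
    edit "block-malicious"
        config ftgd-wf
            config filters
                edit 1
                    set category 26
                    set action block
                next
            end
        end
    next
end
config firewall policy
    edit 1
        set action accept
        set ssl-ssl-profile "certificate-inspection"
        set webfilter-profile "block-malicious"
    next
end"""

def parse(text):  # nested config/edit/set lines -> nested dicts
    stack = [{}]
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] == "set":
            stack[-1][tok[1]] = " ".join(tok[2:])
        elif tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[0] in ("next", "end"):
            stack.pop()
    return stack[0]

def audit(text):  # {accept policy id: [Method One settings it lacks]}
    cfg = parse(text)
    blocking = {name for name, prof in cfg.get("webfilter profile", {}).items()
                if any(f.get("category") == MALICIOUS and f.get("action") == "block"
                       for f in prof.get("ftgd-wf", {}).get("filters", {}).values())}
    report = {}
    for pid, pol in cfg.get("firewall policy", {}).items():
        checks = {"Malicious Websites blocked": pol.get("webfilter-profile") in blocking,
                  "SSL deep inspection": pol.get("ssl-ssl-profile") not in WEAK_SSL}
        missing = [name for name, ok in checks.items() if not ok]
        if pol.get("action") == "accept" and missing:
            report[pid] = missing
    return report
```

Calling `audit(SAMPLE)` reports policy 1 because the constructed sample uses certificate inspection rather than deep inspection.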