Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
carabhavi
Staff
Staff

Created on ‎09-17-2009 04:47 PM Edited on ‎10-20-2025 04:59 AM By Community Manager

Article Id 196205

Technical Tip: Safe Search feature in FortiOS and how to enable it

Description

 

This article describes the FortiOS 'Safe Search' feature, which will force connections going to certain search engines to use safe search feature on the portal, and provides steps on how to enable it.


Scope


FortiGate, Safe Search, Google, Yahoo, Bing.


Solution


Safe Search is a feature of popular search sites that prevents explicit websites and images from appearing in search results. Although Safe Search is a useful tool, especially in educational environments, the resourceful user may be able to simply turn it off. Enabling Safe Search for the supported search sites enforces its use by rewriting the search URL to include the code to indicate the use of the Safe Search feature.
For example, on a Google search, it would mean adding the string “&safe=active” to the URL in the search.

The search sites supported are:

  • Google.
  • Yahoo.
  • Bing.
  • Yandex.

Enabling Safe Search in the GUI:

  1. Navigate to the FortiGate GUI -> Security Profiles -> Web Filter.
  2. Select the intended Web Filter Profile.
  3. Select Search Engines.
  4. Enable Enforce 'Safe Search' on Google, Yahoo!, Bing, Yandex.
  5. Select Apply.

 

 
Enabling SafeSearch in the CLI:
Run the following configuration in the CLI:

 config webfilter profile
edit default      
    set feature-set proxy             
config web
set safe-search <url>
end
end
 
For Google, it may be necessary to block QUIC under the application control menu:

quick.JPG
This enforces the use of Safe Search in traffic controlled by the firewall policies using the web filter that was configured.

Note:
The 'Safe Search' feature is only available when the Web Filter profile and the firewall policy are set to proxy-based. See the administration guide for more information. SSL/SSH deep inspection is mandatory for safe search enforcement to work when using a Web Filter. Enable a deep inspection profile in the corresponding firewall policy. Make sure the search engine FQDN wildcard is not in the SSL Inspection exempt list. 

Alternatively, it is possible to enforce Safe Search using a DNS Filter without deep inspection. Refer to this article: Technical Tip: Configuring DNS safe search
 
Related articles: 
18123
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.