FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
carabhavi
Staff
Staff
Article Id 196205

Description

 

This article describes the FortiOS 'Safe Search' feature, which will force connections going to certain search engines to use safe search feature on the portal, and provides steps on how to enable it.


Scope


FortiGate - Safe Search, Google, Yahoo, Bing.


Solution


Safe Search is a feature of popular search sites that prevents explicit web sites and images from appearing in search results.
Although Safe Search is a useful tool, especially in educational environments, the resourceful user may be able to simply turn it off. Enabling Safe Search for the supported search sites enforces its use by rewriting the search URL to include the code to indicate the use of the Safe Search feature.
For example, on a Google search it would mean adding the string “&safe=active” to the URL in the search.


The search sites supported are:

  • Google.
  • Yahoo.
  • Bing.
  • Yandex.

Enabling Safe Search in the GUI

Navigate to the FortiGate GUI -> Security Profiles -> Web Filter.
Select the intended Web Filter Profile.
Select Search Engines.
Enable Enforce 'Safe Search' on Google, Yahoo!, Bing, Yandex.
Select Apply.

 

 
Enabling SafeSearch in the CLI
 
Run the following configuration in the CLI:

config webfilter profile
edit default      
    set feature-set proxy             
config web
set safe-search <url>
end
end
 
For Google, it may be necessary to block QUIC under the application control menu:

quick.JPG
This enforces the use of Safe Search in traffic controlled by the firewall policies using the web filter that was configured.

Note: The 'Safe Search' feature is only available when the Web Filter profile and the firewall policy are set to proxy-based. See the administration guide for more information. SSL/SSH deep inspection is mandatory for safe search enforcement to work when using a Web Filter. Enable a deep inspection profile in the corresponding firewall policy.

Alternatively, it is possible to enforce Safe Search using a DNS Filter without deep inspection. Refer to this article: Technical Tip: Configuring DNS safe search
 
Related articles: