This article describes how to use web filters to block most of the sites and allow Gmail access only. When tested, the browser is still able to show browser results such as images.See samples below:
FortiGate.
URL: *youtube.com/*
Type: Wildcard
Action: Block
URL: *.google.com/gmail/*
Type: Wildcard
Action: Exempt
URL: *gmail.com/*
Type: Wildcard
Action: Exempt
URL: *mail.google.com/*
Type: Wildcard
Action: Exempt
URL: *.google.com/*
Type: Wildcard
Action: Exempt
URL: *accounts.google.com/*
Type: Wildcard
Action: Exempt
URL: *gstatic.*
Type: Wildcard
Action: Exempt
URL: *googleapis*
Type: Wildcard
Action: Exempt
URL: *google.*
Type: Wildcard
Action: Exempt
URL: *mail-attachment.googleusercontent*
Type: Wildcard
Action: Exempt
URL: *
Type: Wildcard
Action: Block
Make sure that the policy customized in step 2 is higher than a policy that is allowed to access the Internet if there is such a policy. The first IPv4 policy that matches the parameters of the IPv4 policy be followed. Reference: Firewall policies
Preventing certificate warnings (default certificate)
Install the default deep inspection certificate on the machine.
Refer to the links below for further reading:
Changing inspection mode: Technical Tip: Changing the inspection mode of the firewall
Effects of changing the inspection mode: Technical Tip: Effects of changing the inspection mode Creating security policies for different users: Creating the Admin user, device, and policy
Guide for static URL filter: URL filter
Why SSL Inspection: Why you should use SSL inspection
Explanation of certificate warnings when using web filtering: Technical Tip: Web Filtering certificate warning
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.