FortiGate
akamath
Staff
Article Id 196049
Description
This article describes how to configure Web filters in NGFW policy mode and how to use it in security policies.

Scope
For version 6.4.2.

Solution
In NGFW policy mode, only the Static URL Filter options of a web filter profile can be configured.

To create a web filter profile from the GUI when the FortiGate is in policy mode:

1) Go to Security Profiles -> Web Filter and select 'Create New'.
2) Enter a name for the profile and configure the remaining settings as required.





3) Select 'OK'.

To apply the web filter profile in a security policy from the GUI:


1) Go to Policy & Objects -> Security Policy and select 'Create New'.
2) Enter a name for the policy, and configure the remaining settings as required.
3) Under Security Profiles, enable Web Filter and select the web filter.






4) Select 'OK'.

CLI commands:

1) Configure the URL filter.
# config webfilter urlfilter
    edit 1
        set name "Auto-webfilter-urlfilter_bwv7i1r83"
        config entries
            edit 1
                set url "*.bot*.com"
                set type wildcard
                set action block
            next
        end
    next
end
2) Configure content filters.
# config webfilter content
    edit 1
        set name "Auto-webfilter-content_mqqyssuxd"
        config entries
            edit "gambling"
                set status enable
            next
            edit "news"
                set status enable
            next
            edit "test"
                set status enable
            next
            edit "example"
                set status enable
            next
        end
    next
end
3) Configure the web filter profile.
# config webfilter profile
    edit "webfilter-demo"
        set options block-invalid-url
        config web
            set bword-table 1
            set urlfilter-table 1
            set blacklist enable
        end
    next
end
4) Use the web filter profile in a security policy from the CLI.
# config firewall security-policy
    edit 1
        set name "policy-demo-1"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set webfilter-profile "webfilter-demo"
        set app-category 15 25
    next
end
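
An offline check of the reference chain configured above (security policy -> web filter profile -> URL filter table), added here as an example and not part of the original article or of any Fortinet tooling. The `parse` and `audit` helpers are hypothetical, and the sample is constructed from the article's CLI blocks, trimmed to the settings the check reads.

```python
import shlex

SAMPLE = """
config webfilter urlfilter
    edit 1
    next
end
config webfilter profile
    edit "webfilter-demo"
        config web
            set urlfilter-table 1
        end
    next
end
config firewall security-policy
    edit 1
        set action accept
        set webfilter-profile "webfilter-demo"
    next
end
"""  # constructed sample based on this article's CLI blocks

def parse(text):
    """Parse config/edit/set/next/end lines into nested dicts (hypothetical helper)."""
    stack = [{}]
    for raw in text.splitlines():
        tok = shlex.split(raw.lstrip("# \t"))  # tolerate the article's "# " prompt
        if tok and tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok and tok[0] == "set":
            stack[-1][tok[1]] = tok[2:]
        elif tok and tok[0] in ("next", "end"):
            stack.pop()
    return stack[0]

def audit(cfg):
    """Report accept policies whose web filter profile or URL filter table is undefined."""
    out, profiles = [], cfg.get("webfilter profile", {})
    for pid, pol in cfg.get("firewall security-policy", {}).items():
        name = (pol.get("webfilter-profile") or [""])[0]
        if pol.get("action") == ["accept"] and name not in profiles:
            out.append(f"policy {pid}: webfilter-profile {name!r} not defined")
        ref = profiles.get(name, {}).get("web", {}).get("urlfilter-table")
        if ref and ref[0] not in cfg.get("webfilter urlfilter", {}):
            out.append(f"profile {name}: urlfilter-table {ref[0]} not defined")
    return out

if __name__ == "__main__":
    print(audit(parse(SAMPLE)))
```

An empty list means every accept policy in the parsed text points at a defined profile and URL filter table; each finding names the policy or profile to fix.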
