Description
This article describes how to configure Web filters in NGFW policy mode and how to use it in security policies.
Scope
For version 6.4.2.
Solution
Only Static URL Filter options can be configured.
To create a web filter profile when the FortiGate is in policy mode from GUI.
1) Go to Security Profiles -> Web Filter and select 'Create New'.
2) Enter a name for the profile and configure the remaining settings as required.
This article describes how to configure Web filters in NGFW policy mode and how to use it in security policies.
Scope
For version 6.4.2.
Solution
Only Static URL Filter options can be configured.
To create a web filter profile when the FortiGate is in policy mode from GUI.
1) Go to Security Profiles -> Web Filter and select 'Create New'.
2) Enter a name for the profile and configure the remaining settings as required.
3) Select 'OK'.
To apply web filter profile in a security policy from GUI.
1) Go to Policy & Objects -> Security Policy and select 'Create New'.
2) Enter a name for the policy, and configure the remaining settings as required.
3) Under Security Profiles, enable Web Filter and select the web filter.
To apply web filter profile in a security policy from GUI.
1) Go to Policy & Objects -> Security Policy and select 'Create New'.
2) Enter a name for the policy, and configure the remaining settings as required.
3) Under Security Profiles, enable Web Filter and select the web filter.
4) Select 'OK'.
CLI commands:
1) Web filter.
CLI commands:
1) Web filter.
# config webfilter urlfilter2) Configure content filters.
edit 1
set name "Auto-webfilter-urlfilter_bwv7i1r83"
# config entries
edit 1
set url "*.bot*.com"
set type wildcard
set action block
next
end
next
end
# config webfilter content3) Configure the web filter profile.
edit 1
set name "Auto-webfilter-content_mqqyssuxd"
# config entries
edit "gambling"
set status enable
next
edit "news"
set status enable
next
edit "test"
set status enable
next
edit "example"
set status enable
next
end
next
end
# config webfilter profile4) To use the web filter profile in a security policy from CLI.
edit "webfilter-demo"
set options block-invalid-url
# config web
set bword-table 1
set urlfilter-table 1
set blacklist enable
end
next
end
# config firewall security-policy
edit 1
set name "policy-demo-1"
set srcintf "port2"
set dstintf "port1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set webfilter-profile "webfilter-demo"
set app-category 15 25
next
end
