FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
abarushka
Staff
Staff
Article Id 196179

Description

 
This article explains the order in which web filtering steps are executed.


Solution

 
There is a specific order of execution of the web filtering steps:
 
  1. Static URL Filtering: Static URL filtering (Note when using the URL filter ‘Exempt’ option, Antivirus, File Filter, and DLP scanning are exempt besides web-filtering by default. It is possible to configure manually any particular inspection(s) which are to be bypassed by using the 'set exempt' command in 'config webfilter urlfilter').

  2. FortiGuard categories: URLs are checked against Fortinet's cloud-based service for categorization and reputation checks. The traffic is allowed or blocked based on the predefined categories and the rules set by the administrator.

  3. Content: This involves scanning the web content for malicious content, viruses, and inappropriate material.
    Content filtering ensures that harmful or undesirable content is not delivered to the user.

  4. Advanced optionsThis includes additional filtering and inspection options such as blocking Java applets.
    These options are only available when the inspection mode is set to proxy.

    abarushka_FD40476_tn_FD40476-1.jpg

Note:

  • FortiOS 6.2 has a File Filter added to the Webfilter profile. This functions correctly only when proxy-mode inspection is used (File filter).
  • FortiOS 6.4 has a File Filter as a separate Security Profile, with individual settings, including a limited flow-based operation mode.
 
Related document: