Description
This article describes the order in which web filtering steps are executed.
Scope
FortiGate.
Solution
There is a specific order of execution of the web filtering steps:
- Static URL Filtering: Static URL filtering (Note: when using the URL filter 'Exempt' option, Antivirus, File Filter, and DLP scanning are exempt, besides web-filtering by default. It is possible to configure manually any particular inspection(s) which are to be bypassed by using the 'set exempt' command in 'config webfilter urlfilter').
- FortiGuard categories: URLs are checked against Fortinet's cloud-based service for categorization and reputation checks. The traffic is allowed or blocked based on the predefined categories and the rules set by the administrator.
- Content: This involves scanning the web content for malicious content, viruses, and inappropriate material.
Content filtering ensures that harmful or undesirable content is not delivered to the user. - Advanced options: This includes additional filtering and inspection options, such as blocking Java applets.
These options are only available when the inspection mode is set to proxy.
Note:
- FortiOS v6.2 has a File Filter added to the Webfilter profile. This function works correctly only when proxy-mode inspection is used (File filter).
- FortiOS v6.4 has a File Filter as a separate Security Profile, with individual settings, including a limited flow-based operation mode.
- Keep in mind that the order of precedence/execution shown before is within the web filter; however, the UTM profile order of precedence/execution is found on Technical Tip: Processing Order of UTM Profiles in FortiGate Firewall Policies.
Related documents:
