Created on 02-20-2024 06:03 AM Edited on 02-21-2024 05:37 AM By Jean-Philippe_P
This article describes how to test the web-filter rating on FortiManager and on FortiGate.
FortiManager.
Prerequisites:
Schema of the configured environment:
Glossary and terminology:
Testing the web-filter rating on FortiManager.
Acting as a local web-filter server, FortiManager makes it possible to locally access the FortiManager's web-filter database to review rating results, simulating a client (FortiGate) request:
diagnose fmupdate test fgd-url-rating < Hostname or IP of FortiGuard server> <Serial Number of the FortiGate> <Web-filter Category> <URL>
Below is an example that simulates a client (FortiGate) for a rating request on FortiManager:
diag fmupdate test fgd-url-rating 127.0.0.1 FGVM02TM22000794 41 https://www.fortiguard.com/wftest/41.html
The previous CLI command has been intentionally executed twice to illustrate that the response time may vary slightly for the same URL rating.
The command provides access to additional valuable information, including the local web-filter package version and the matched category (in hexadecimal).
It is possible to similarly perform the operation to simulate a query on a fallback public FDS server:
As predicted, the response time is considerably greater than when FortiGate makes a request to the local FDS server (FortiManager). This underscores the significance of utilizing FortiManager as a local web rating server. It is important to note that performing the same operation directly from FortiGate itself may result in longer response times.
Fortinet provides a tool to test and rate URLs: https://www.fortiguard.com/wftest/41.html where the number /xx.html is the category ID (replace it accordingly).
Use the cli command 'diag fmupdate fgd-wfas-rate wf' to see Webfiter/antispam rating speed:
To view web filter statistics on FortiGate, use the command 'diagnose webfilter stats list root': Counters increment with each user accessing a website. Depending on the configured web-filter policy on FortiGate, these HTTP/s requests may be blocked, allowed, monitored, or overwritten.
To check web filter logs in the CLI (FortiGate), run the following commands:
execute log filter category utm-webfilter
execute log display
Related article:
How to configure and optimize FortiManager as Local Web filter Server.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.