Created on 02-20-2024 06:03 AM
Edited on 02-21-2024 05:37 AM
By Jean-Philippe_P
Description
This article describes how to test the web-filter rating on FortiManager and on FortiGate.
Scope
FortiManager.
Solution
Prerequisites:
- Configure FortiManager as a local web filter rating server. (See the link in the 'Related articles' section at the bottom of this article.)
Schema of the configured environment:
Glossary and terminology:
- Antivirus (AV): Software designed to detect and remove computer viruses.
- Intrusion Prevention System (IPS): Security tool preventing unauthorized access and attacks on networks.
- Web Filtering (WF): Restricting or allowing web content access based on predefined criteria.
- Antispam (AS): Technology filtering and blocking unwanted email (spam).
- Rating Database: Repository of categorized information used for assessing the security or trustworthiness of entities, often in the context of web content, files, or outbreaks.
- FDS: Fortinet Distribution Server.
- FDN: Fortinet Distribution Network.
Testing the web-filter rating on FortiManager.
When FortiManager acts as a local web-filter server, its web-filter database can be queried locally to review rating results by simulating a client (FortiGate) request:
diagnose fmupdate test fgd-url-rating <Hostname or IP of FortiGuard server> <Serial Number of the FortiGate> <Web-filter Category> <URL>
Below is an example that simulates a client (FortiGate) for a rating request on FortiManager:
diag fmupdate test fgd-url-rating 127.0.0.1 FGVM02TM22000794 41 https://www.fortiguard.com/wftest/41.html
The previous CLI command has been intentionally executed twice to illustrate that the response time may vary slightly for the same URL rating.
The command provides access to additional valuable information, including the local web-filter package version and the matched category (in hexadecimal).
The same operation can be used to simulate a query against a fallback public FDS server:
As predicted, the response time is considerably greater than when FortiGate makes a request to the local FDS server (FortiManager). This underscores the significance of utilizing FortiManager as a local web rating server. It is important to note that performing the same operation directly from FortiGate itself may result in longer response times.
Fortinet provides a tool to test and rate URLs: https://www.fortiguard.com/wftest/41.html, where the number in /xx.html is the category ID (replace it accordingly).
Use the CLI command 'diag fmupdate fgd-wfas-rate wf' to see the web filter/antispam rating speed:
To view web filter statistics on FortiGate, use the command 'diagnose webfilter stats list root'. Counters increment with each user accessing a website. Depending on the configured web-filter policy on FortiGate, these HTTP/HTTPS requests may be blocked, allowed, monitored, or overwritten.
To check web filter logs in the CLI (FortiGate), run the following commands:
execute log filter category utm-webfilter
execute log display
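One way to confirm from those logs that a FortiGuard test page was rated with the category its URL names (an added example, not part of the original article). The sample log lines are constructed, and the key=value field names (subtype, url, cat, action) are assumed to follow the FortiOS UTM web filter log layout:

```python
import re

# Constructed sample of 'execute log display' output (not captured from a device).
# Assumption: FortiOS UTM web filter key=value layout (subtype, url, cat, action).
SAMPLE_LOG = '''3 logs found.
3 logs returned.

1: date=2024-02-20 time=06:10:11 type="utm" subtype="webfilter" eventtype="ftgd_blk" vd="root" hostname="www.fortiguard.com" action="blocked" url="https://www.fortiguard.com/wftest/41.html" cat=41 catdesc="Search Engines and Portals"
2: date=2024-02-20 time=06:10:19 type="utm" subtype="webfilter" eventtype="ftgd_allow" vd="root" hostname="www.fortiguard.com" action="passthrough" url="/wftest/26.html" cat=0 catdesc="Unrated"
3: date=2024-02-20 time=06:10:25 type="utm" subtype="webfilter" eventtype="ftgd_allow" vd="root" hostname="example.com" action="passthrough" url="https://example.com/" cat=52 catdesc="Information Technology"
'''

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key="quoted value" or key=bare
WFTEST_RE = re.compile(r'/wftest/(\d+)\.html')          # category ID embedded in the test URL


def parse_webfilter_logs(text):
    """Return one dict per web filter log line; header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        fields = {k: quoted or bare for k, quoted, bare in FIELD_RE.findall(line)}
        if fields.get("subtype") == "webfilter":
            entries.append(fields)
    return entries


def check_wftest_ratings(entries):
    """For each wftest hit, compare the category ID in the URL with the logged 'cat'."""
    results = []
    for e in entries:
        m = WFTEST_RE.search(e.get("url", ""))
        if not m:
            continue  # ordinary traffic, not a FortiGuard test page
        expected = int(m.group(1))
        logged = int(e["cat"]) if e.get("cat", "").isdigit() else None
        results.append((expected, logged, e.get("action", "?"), expected == logged))
    return results


if __name__ == "__main__":
    for expected, logged, action, ok in check_wftest_ratings(parse_webfilter_logs(SAMPLE_LOG)):
        status = "OK" if ok else "MISMATCH (check the rating database / FDS reachability)"
        print(f"wftest/{expected}.html -> logged cat={logged}, action={action}: {status}")
```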
Related article:
How to configure and optimize FortiManager as Local Web filter Server.