FortiProxy
FortiProxy provides enterprise-class protection against internet-borne threats and Advanced Web Content Caching
mzainuddinahm
Staff & Editor
Article Id 196170

Description

 

This article describes how to block images by using a Content Analysis profile. Content Analysis is a licensed feature that allows users to detect adult content in real time.

This service is a real-time analysis of the content passing through the FortiProxy. Unlike other image analysis tools, this one does not just look for skin tone colors but can detect limbs, body parts, and the position of bodies.


After adult content is detected, such content can be optionally blocked or reported.

 

Scope

 

FortiProxy.


Solution

 

To use Content Analysis, it is necessary to set up at least one profile and apply it to a policy. Content Analysis profiles are configured under Content Analyses -> Image Analysis.

 

  1. Create or edit a Content Analysis profile. Select 'Create New' to open the 'Create Content Analysis' window.


  2. After configuring the settings in the New Content Analysis Profile window or the Edit Content Analysis window, select 'Apply'.

Note:

  • Deep SSL Inspection should be used for Image Analysis.
  • Select a strictness value between 0 and 100. The higher the image score, the more chance of the image being explicit. The challenge with this setting is that if it is set too high, it will block legitimate images. If it is set too low, it will allow explicit images through. If the image score is above this setting, the Rating Error Action is taken.
  • Apply an antivirus profile with legacy mode enabled.

config antivirus profile
    edit "profile-name"
        set scan-mode legacy
    next
end

 

Legacy: Enables legacy mode, which forces the scanunit to scan all files regardless of type or size.

 

Starting with firmware v2.0.5 GA, FortiProxy can cache some blocked images in the local RAM disk, allowing the administrator to review them from the Content Analysis logs.


Enable the blocked-image cache in the Content Analysis profile.


config image-analyzer profile
    edit "<profile-name>"
        set blocked-img-cache enable
    next
end

 

Specify the maximum size of the blocked-image cache and set the caching mode:

 

config system global
    set max-img-cache-size 60
    set img-cache-mode (stop|rolling)
end

max-img-cache-size: Maximum space (MB) that can be used by image-analyzer to store blocked images on the RAM disk (Min 30, Max 300, default 60).

 

Options:

Stop: Stop caching blocked images into the RAM disk when the limit is reached.
Rolling: Evict old cached images when the limit is reached (default).

 

Limitation:

Using Optical Character Recognition (OCR) to block credit card information is not feasible with Image Analysis.