Hi,
I have recently come across a doubt regarding whether, FortiNet Web Filtering can be used for blocking the access to various social media sites like, Facebook, Twitter, Instagram, etc. If yes, may I know the process involved, please.
Thanks in Advance.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
The short answer is yes. As an example, see http://cookbook.fortinet.com/blocking-facebook-56/, the admin guide --> https://docs.fortinet.com/uploaded/files/3999/fortios-handbook-56.pdf, or the Security Profiles guide --> https://docs.fortinet.com/uploaded/files/3648/fortigate-security-profiles-56.pdf.
The short version is that you can use web filter profiles applied to traffic to allow/deny based on category, as well as specifying url filters to allow/deny specific sites. In order to handle ssl sites, ssl inspection (certificate inspection) will need to be enabled to inspect the ssl client hello and certificate to determine the site for any ssl related communication.
Note that you will also need full UTM licensing in order to utilize web filtering features.
The short answer is yes. As an example, see http://cookbook.fortinet.com/blocking-facebook-56/, the admin guide --> https://docs.fortinet.com/uploaded/files/3999/fortios-handbook-56.pdf, or the Security Profiles guide --> https://docs.fortinet.com/uploaded/files/3648/fortigate-security-profiles-56.pdf.
The short version is that you can use web filter profiles applied to traffic to allow/deny based on category, as well as specifying url filters to allow/deny specific sites. In order to handle ssl sites, ssl inspection (certificate inspection) will need to be enabled to inspect the ssl client hello and certificate to determine the site for any ssl related communication.
Note that you will also need full UTM licensing in order to utilize web filtering features.
Hi there,
Just to add onto what blackhole_route was saying.... The Webfilter itself is looking at the http request, but most/all social media websites use https and actually fall into the "web app" category. As noted, the combination of security profiles is needed to properly give or deny access to web resources.
Cheers,
Sidewaysguy
Hi Guys,
Can you help me with a doubt. I' evaluating Fortigate as an option to replace the actual Gateway in my job.
One requirement i need to be accomplished by the device is web content filtering feature.
I saw in a previous message on this thread that I need to have a full UTM license in order to enable this feature in a Fortigate. Is it mandatory or could I access to a basic web content filtering if I don't buy this license?
Excuse me for my english, I hope that you understand my question.
Thank you very much in advance for your assistance.
Regards.
<disclaimer> I am not a representative of Fortinet - just a customer. </disclaimer>
My understanding and experience is that for web filtering, you must have the full UTM license.
There may be some ability to use explicit proxy functionality with static url matching, but that would not be a desirable or satisfactory option even if it did work.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.