- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Implementing UK Prevent agenda web filtering
Hello,
we have been asked to implement the UK Government's Prevent agenda web filtering to stop people going to radicalisation sites etc. Does anyone have any guides or notes on what to do to implement it on the FortiGate firewalls?
Thanks,
Paul
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don't have any official guides or notes, but some quick thoughts:
You probably want to look through the Web Filter Categories: [link]https://fortiguard.com/webfilter/categories.[/link]
Blocking the "Extremist Groups" category using both Web Filter and DNS Filter would be a start.
You would need to do SSL inspection. Note that this means you need to deal with setting up your own internal certificate authority and making sure all users have your certificate installed. This will absolutely require work to avoid causing issues for sites and apps that use certificate pinning or have privacy issues.
To avoid people working around the filters you'd need to block the "Proxy Avoidance" category through web and dns filters, and "Proxy" category through Application Control. Note that this might block valid VPN use, so you might need to tweak the settings.
Beyond that start, I would contact TAC directly. They may already have a template to follow.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don't have any official guides or notes, but some quick thoughts:
You probably want to look through the Web Filter Categories: [link]https://fortiguard.com/webfilter/categories.[/link]
Blocking the "Extremist Groups" category using both Web Filter and DNS Filter would be a start.
You would need to do SSL inspection. Note that this means you need to deal with setting up your own internal certificate authority and making sure all users have your certificate installed. This will absolutely require work to avoid causing issues for sites and apps that use certificate pinning or have privacy issues.
To avoid people working around the filters you'd need to block the "Proxy Avoidance" category through web and dns filters, and "Proxy" category through Application Control. Note that this might block valid VPN use, so you might need to tweak the settings.
Beyond that start, I would contact TAC directly. They may already have a template to follow.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
raising a ticket with Fortinet about this.
Thanks,
Paul
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good plan, though while I was formulating my own response to this question I did a quick research on UK Government's Prevent agenda web filtering and concluded because of the scope and potential liability you may be better off contacting Fortinet and/or a Fortinet partner to assist with designing the web filter/content policies and have someone higher up in your organization sign off on the implementation. IMO.
paul.woods@durham.gov.uk wrote:raising a ticket with Fortinet about this.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
