Hello,
we have been asked to implement the UK Government's Prevent agenda web filtering to stop people going to radicalisation sites etc. Does anyone have any guides or notes on what to do to implement it on the FortiGate firewalls?
Thanks,
Paul
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I don't have any official guides or notes, but some quick thoughts:
You probably want to look through the Web Filter Categories: [link]https://fortiguard.com/webfilter/categories.[/link]
Blocking the "Extremist Groups" category using both Web Filter and DNS Filter would be a start.
You would need to do SSL inspection. Note that this means you need to deal with setting up your own internal certificate authority and making sure all users have your certificate installed. This will absolutely require work to avoid causing issues for sites and apps that use certificate pinning or have privacy issues.
To avoid people working around the filters you'd need to block the "Proxy Avoidance" category through web and dns filters, and "Proxy" category through Application Control. Note that this might block valid VPN use, so you might need to tweak the settings.
Beyond that start, I would contact TAC directly. They may already have a template to follow.
I don't have any official guides or notes, but some quick thoughts:
You probably want to look through the Web Filter Categories: [link]https://fortiguard.com/webfilter/categories.[/link]
Blocking the "Extremist Groups" category using both Web Filter and DNS Filter would be a start.
You would need to do SSL inspection. Note that this means you need to deal with setting up your own internal certificate authority and making sure all users have your certificate installed. This will absolutely require work to avoid causing issues for sites and apps that use certificate pinning or have privacy issues.
To avoid people working around the filters you'd need to block the "Proxy Avoidance" category through web and dns filters, and "Proxy" category through Application Control. Note that this might block valid VPN use, so you might need to tweak the settings.
Beyond that start, I would contact TAC directly. They may already have a template to follow.
raising a ticket with Fortinet about this.
Thanks,
Paul
Good plan, though while I was formulating my own response to this question I did a quick research on UK Government's Prevent agenda web filtering and concluded because of the scope and potential liability you may be better off contacting Fortinet and/or a Fortinet partner to assist with designing the web filter/content policies and have someone higher up in your organization sign off on the implementation. IMO.
paul.woods@durham.gov.uk wrote:raising a ticket with Fortinet about this.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.