Hello FortiGuys,
here is a recommendation from Microsoft, how to do this technically:
Blocking adult content with SafeSearch or blocking Chat
Chat:
--- If you want to guarantee Chat is turned off for all users on your network, in your router or proxy server map www.bing.com to nochat.bing.com.
Any idea how to do that on a FortiGate ?
We are open to use Proxy-based policies, web filter, DNS Filter, or even try it with explicit proxy ....
I found that the safe-search part in the document linked abofe may be applied with the WebFilter,
but any idea how one would assure the second part described there:
chat-free searches through FortiGate ?
Found the "DNS-translation" feature, but this can only replace already resolved IPs by other fixed IPs confgured.
I cannot see it could replace a queried name by a configured CNAME before resolving it...
Thanks,
Frank
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Frank
I think this should be done by CNAME on your internal DNS server.
Well..
if you let internal clients surfing resolve external names and use the transparent proxy feature,
this may be an approach.
This particular customer uses an explicit proxy design,
where all name resolution for WebTraffic is done by the proxy.
Because of security concerns, internal Clients can only resolve names from internal zones
but not from public / internet DNS zones ..
an quite old concept... but it still breaks attack chains where DNS plays a role, ie to connect to C&C servers or dowload additional attack code...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.