Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
syu
New Contributor III

Web Filter override and related queries

Hi, there

 

I configured Web Filter override for certain user group. User can now enter username and password to override for 15 min (not user changeable).

 

However from logging/reporting perspective, is there anyway to see who is overriding the web filter? How long left for the override duration and how to revoke the web filter override for certain user if needed?

 

Plus, it doesnot seem like Web override can not use the same user account for authentication? For example, USER1 belong to Group1 which is configured for override authentication. USER1 is browsing to www.abc.com which is blocked by filter profile. USER1 can not use her/his account to override, right?

 

Maybe asking too much but can not find a manual to give me answers...

 

2 Solutions
vmartin_FTNT
Staff
Staff

There is a recipe for 5.2 about overriding a web filter, which you can find here.

 

I used the scenerio in the recipe to look at the logs. The best place to find information about who was using the override was in the Forward Traffic log, where you could see one user (bwayne) being blocked, while the other user (ckent) was able to access a website that would otherwise be blocked. I've attached a screenshot of my results.

 

In 5.2, once a user authenticates, they automatically use the override if it has been set up for them. This means that they can use their regular account for authentication.

Technical Writer, FortiOS

Let me know if there's anything you want to see added to the FortiGate Cookbook.

View solution in original post

vmartin_FTNT
Staff
Staff

I don't believe there is a log dedicated to the overrides.

Technical Writer, FortiOS

Let me know if there's anything you want to see added to the FortiGate Cookbook.

View solution in original post

7 REPLIES 7
syu
New Contributor III

Anyone? No one?

vmartin_FTNT
Staff
Staff

Hello,

 

What version of FortiOS are you using?

Technical Writer, FortiOS

Let me know if there's anything you want to see added to the FortiGate Cookbook.

syu
New Contributor III

Right now the 1500Ds are running version 5.2.3,build670

vmartin_FTNT
Staff
Staff

There is a recipe for 5.2 about overriding a web filter, which you can find here.

 

I used the scenerio in the recipe to look at the logs. The best place to find information about who was using the override was in the Forward Traffic log, where you could see one user (bwayne) being blocked, while the other user (ckent) was able to access a website that would otherwise be blocked. I've attached a screenshot of my results.

 

In 5.2, once a user authenticates, they automatically use the override if it has been set up for them. This means that they can use their regular account for authentication.

Technical Writer, FortiOS

Let me know if there's anything you want to see added to the FortiGate Cookbook.

syu
New Contributor III

Thanks, I checked the recipe before did my posting.

 

I guess your point of the log is more of correlating of information to reveal the user override instead of dedicated page for the override information.

vmartin_FTNT
Staff
Staff

I don't believe there is a log dedicated to the overrides.

Technical Writer, FortiOS

Let me know if there's anything you want to see added to the FortiGate Cookbook.

syu
New Contributor III

vmartin wrote:

I don't believe there is a log dedicated to the overrides.

Thanks I thought so :) I know Fortigate is not dedicated web filter appliance but it might be nice to have for reporting though.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors