Can anyone tell me the exact process of web filtering? We had a phishing test and a couple of users clicked a link in an email. The FW blocked the site as a Newly Registered Domain, but the vendor conducting the test said he sees that the two clicks actually hit his server.
FortiGate 500D v 6.04. Firewall policy for web browsing is using default ssl-certificate inspection profile. Site was using port 80 and not 443 and has web filtering profile assigned.
Maybe the users that could connect were not behind the firewall; they could have been at home or on their smartphone using 4/5G?
If the FTG web filter sees the domain as Newly Registered Domain and the action is block, it will block it for every session. However, if the web filter service is not reachable, you can choose to allow all traffic during the "down" time or to block it. So it could be that the web filter service was temporarily not reachable, and if you allow the traffic while it is unreachable, there can be some users who slipped through.
Web filtering is used to control and restrict access to certain websites or web content based on predefined policies and criteria. The exact process of web filtering is as follows: when a user tries to access a website or web resource, their web traffic passes through a network security appliance or firewall. The URL of the requested website is analyzed. This step involves categorizing the URL into various categories such as "Social Media," "News," "Phishing," "Malware," etc. This categorization is typically based on predefined databases or heuristics. Policies dictate what types of web content are allowed and what should be blocked. These policies can be based on categories, keywords, specific URLs, or other criteria. In many cases, users are required to authenticate themselves before accessing the internet. This allows for user-specific policies to be applied.
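One way to check the explanations offered in this thread against the firewall's own web filter log, as an added example that is not part of the original posts: it groups the source IPs that requested the test host by whether the filter blocked the request, passed it because the rating lookup failed, or passed it normally. The log lines are constructed, and the host name `phish-test.example` and the field names (`eventtype`, `action`, `hostname`, `srcip`) are assumptions modelled on FortiGate's key=value web filter log layout.

```python
import re

# Constructed sample log lines (not from the thread). Field names are an
# assumption modelled on FortiGate's key=value web filter log format.
SAMPLE_LOGS = '''\
time=09:14:02 type="utm" subtype="webfilter" eventtype="ftgd_blk" srcip=10.1.20.31 dstport=80 hostname="phish-test.example" action="blocked" catdesc="Newly Registered Domain"
time=09:14:40 type="utm" subtype="webfilter" eventtype="ftgd_err" srcip=10.1.20.57 dstport=80 hostname="phish-test.example" action="passthrough" msg="A rating error occurs"
time=09:15:05 type="utm" subtype="webfilter" eventtype="ftgd_allow" srcip=10.1.20.31 dstport=443 hostname="intranet.example" action="passthrough" catdesc="Information Technology"
time=09:16:11 type="utm" subtype="webfilter" eventtype="ftgd_blk" srcip=10.1.20.88 dstport=80 hostname="phish-test.example" action="blocked" catdesc="Newly Registered Domain"
'''

# key=value where the value is either "quoted with spaces" or a bare token
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Turn one key=value log line into a dict, unquoting quoted values."""
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}


def triage(log_text, host):
    """Group source IPs that requested `host` by what the web filter did."""
    result = {"blocked": set(), "passed_on_rating_error": set(), "passed": set()}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev.get("subtype") != "webfilter":
            continue
        if ev.get("hostname", "").lower() != host.lower():
            continue
        if ev.get("action") == "blocked":
            bucket = "blocked"
        elif ev.get("eventtype") == "ftgd_err":
            # Rating lookup failed and the profile let the request through.
            bucket = "passed_on_rating_error"
        else:
            bucket = "passed"
        result[bucket].add(ev.get("srcip", "unknown"))
    return result


def reached_server(result):
    """Source IPs whose request was forwarded to the site by the firewall."""
    return sorted(result["passed_on_rating_error"] | result["passed"])


if __name__ == "__main__":
    outcome = triage(SAMPLE_LOGS, "phish-test.example")
    for bucket, ips in outcome.items():
        print(f"{bucket}: {sorted(ips)}")
    print("forwarded to server:", reached_server(outcome))
```

A click the vendor recorded that has no matching firewall event in any bucket points to a device that was not behind the firewall at the time, the other explanation raised in the thread.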