Help
FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
bboudjema
Staff
Staff

Created on ‎02-20-2024 06:03 AM Edited on ‎02-21-2024 05:37 AM By Moderator

Article Id 300310

Technical Tip: How to test the web-filter rating on FortiManager

Description

 

This article describes how to test the web-filter rating on FortiManager and on FortiGate.

 

Scope

 

FortiManager.

 

Solution

 

Prerequisites:

  • Configure FortiManager as a local web filter rating server. (See the link in the 'Related articles' section at the bottom of this article.)

 

Schema of the configured environment:

 

Picture15.png

Glossary and terminology:

 

  • Antivirus (AV): Software designed to detect and remove computer viruses.
  • Intrusion Prevention System (IPS): Security tool preventing unauthorized access and attacks on networks.
  • Web Filtering (WF): Restricting or allowing web content access based on predefined criteria.
  • Antispam (AS): Technology filtering and blocking unwanted email (spam).
  • Rating Database: Repository of categorized information used for assessing the security or trustworthiness of entities, often in the context of web content, files, or outbreaks.
  • FDS: Fortinet Distribution Server.
  • FDN: Fortinet Distribution Network.

 

Testing the web-filter rating on FortiManager.

 

Acting as a local web-filter server, FortiManager makes it possible to locally access the FortiManager's web-filter database to review rating results, simulating a client (FortiGate) request:

 

diagnose fmupdate test fgd-url-rating < Hostname or IP of FortiGuard server> <Serial Number of the FortiGate> <Web-filter Category> <URL>

 

 

 

Below is an example that simulates a client (FortiGate) for a rating request on FortiManager:

 

diag fmupdate test fgd-url-rating 127.0.0.1 FGVM02TM22000794 41 https://www.fortiguard.com/wftest/41.html

 

 

Picture17.png

The previous CLI command has been intentionally executed twice to illustrate that the response time may vary slightly for the same URL rating.

The command provides access to additional valuable information, including the local web-filter package version and the matched category (in hexadecimal).

 

It is possible to similarly perform the operation to simulate a query on a fallback public FDS server:

 

Picture11.png

As predicted, the response time is considerably greater than when FortiGate makes a request to the local FDS server (FortiManager). This underscores the significance of utilizing FortiManager as a local web rating server. It is important to note that performing the same operation directly from FortiGate itself may result in longer response times.

Fortinet provides a tool to test and rate URLs: https://www.fortiguard.com/wftest/41.html where the number /xx.html is the category ID (replace it accordingly).

 

Use the cli command 'diag fmupdate fgd-wfas-rate wf' to see Webfiter/antispam rating speed:

 

Picture16.png

 

To view web filter statistics on FortiGate, use the command 'diagnose webfilter stats list root': Counters increment with each user accessing a website. Depending on the configured web-filter policy on FortiGate, these HTTP/s requests may be blocked, allowed, monitored, or overwritten.

 

Picture13.png

To check web filter logs in the CLI (FortiGate), run the following commands:

 

execute log filter category utm-webfilter
execute log display

 

Picture14.png

 

Related article:

How to configure and optimize FortiManager as Local Web filter Server.

414
Submit Article Idea
Comments
r_jordan
Staff
Staff
‎02-20-2024 07:47 AM

great job!

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.