How to Configure Web Filtering on the FortiGate Firewall

Configuring and applying web filtering in a FortiGate Firewall is simple enough. The exact steps will change depending on which version of the Next-Gen OS you are using in your FortiGate firewall. Here’s an overview of how the process works. 

First, make sure the FortiGate Firewall is in Next-Gen Firewall mode. After ensuring that the Next-Gen mode is enabled, ensure that the OS is configured to use profiles or is in profile mode. 

Once profile mode is enabled in your FortiGate Firewall, you need to create a profile for web filtering. There are various options that you can use for filtering in your FortiGate web filtering profile. We’ll discuss some of those options at a high level below, but check the documentation on FortiGate’s website for more details. 

After creating that web filtering profile, associate that profile with the policies for your FortiGate Firewall, and you will be good to go!

An Overview of Configuring Web Filtering on the FortiGate Firewall

In this video, CBT Nuggets trainer Keith Barker covers why you will want to filter web content in your FortiGate Firewall — and what kind of content the Next-Gen OS can filter.

Why it May be Important to Enable Web Filtering on a FortiGate Firewall?

There are various reasons you may want to block or filter web content on a firewall.  Organizations want to limit the content their employees can access online. While employees may feel like employers want to control what they can do during work hours, the truth is that IT folk need to ensure that equipment operates properly and stays safe. There needs to be mechanisms of control in place for that. 

So, why do you want to enable web filtering in a firewall?

One of the benefits of filtering web content is blocking inappropriate content in the workplace. It’s easy to point at porn as an example, but there is a lot of other content that can be offensive online. We work in diverse environments, and everyone may not be aware of content that may offend co-workers. It’s easier to nip the problem in the bud before it happens. 

Another reason to enable web filtering is to protect bandwidth in the organization. Businesses have a limited pipe coming into their buildings. There’s only so much data you can fit in that pipe, and it can get filled quickly if everyone is streaming YouTube videos or music on Spotify. 

Finally, we want to block malicious content. This makes sense from a security standpoint. We need to ensure exploits aren’t introduced into the business or sensitive data isn’t exfiltrated. 

Of course, these reasons help ensure that computers continue to work as expected in the workplace. 

What Web Traffic Can be Filtered on a FortiGate Firewall?

Now that you know why you want to filter content in a firewall, let’s discuss what kind of content you can filter. First, you can block specific URLs. Blocklisting and allowlisting URLs are one of the original ways to block content online. If you want to block the Facebook website, add facebook.com to the blocklist. URL filtering also supports wildcards so that you can block all content from a specific domain or only specific pages from a domain. 

With Next-Gen FortiGate firewalls, we can also filter content based on content and applications. The FortiGate Next-Gen Firewall uses heuristics and AI to analyze traffic and block it based on specific criteria. 

Another option is to block content based on category. FortiGate has an extensive list of websites that categorizes them based on what they offer. For instance, Facebook is considered a social media website, while Skype is regarded as a telephony website. Administrators can block all social media or telephony websites in their rules. 

How to See Which Category a Website Belongs to for Category Filtering for FortiGate

After reading the section above, you may be wondering how to check which category a website belongs to in the FortiGate Firewall list. FortiGate offers tools to check this. Navigate to this website: https://www.fortiguard.com/webfilter

In the form on that website, enter the URL of the domain in question. Then select the Fortinet OS version you are using in your Firewall and perform your search. 

FortiGate will return the results for the domain explaining which category it is listed under in the Fortinet OS. 

Want to Learn How to Use Fortinet's FortiGate Firewall?

FortiGate is one of the most popular firewalls for enterprise and SMB environments. Are you ready to learn more about how to leverage Fortinet’s popular firewall platform? CBT Nuggets has a variety of training that focuses on how to get the most out of FortiGate.