This recipe explains how to block access to social media websites using FortiGuard categories. An active license for FortiGuard Web Filtering service is required.
Web filtering with FortiGuard categories allows you to take action against a group of websites, whereas a Static URL Filter is intended to block or monitor specific URLs. Consult this blog post to determine whether to use FortiGuard categories or a Static URL Filter to control your internal network’s access to websites.
If you wish to use a static URL filter to block access to a website and its subdomains, follow the example described in Blocking Facebook with Web Filtering.
1. Enabling the Web Filter feature

Go to System > Feature Select and confirm that the Web Filter feature is enabled.

2. Editing the default Web Filter profile

Go to Security Profiles > Web Filter and edit the default Web Filter profile. Confirm that the FortiGuard category based filter is enabled.

Right-click on the General Interest – Personal FortiGuard category. Scroll down to the Social Networking subcategory and right-click again. Select Block.

3. Adding the Web Filter profile to the Internet access policy

Go to Policy & Objects > IPv4 Policy, and click Create New. Give the policy a name that identifies its use. Set Incoming Interface to the internal network and set Outgoing Interface to the Internet-facing interface. Enable NAT.

Under Security Profiles, enable Web Filter and select the default web filter profile. Enable SSL/SSH Inspection and select certificate-inspection from the dropdown menu. This allows the FortiGate to apply web filtering to HTTPS traffic.

In order to be applied to Internet traffic, the new policy has to be higher in the policy sequence than any other policy that could manage the same traffic. Confirm this under Policy & Objects > IPv4 Policy by viewing policies By Sequence. To move a policy up or down, click and drag the far-left column of the policy.

4. Results

Attempt to visit a social networking site such as facebook.com, twitter.com, or meetup.com. A FortiGuard Web Page Blocked! message appears when attempting to visit sites in the blocked category.

Go to FortiView > Websites and select the 5 minutes view. The blocked social networking sites are listed in the Domain column.
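
The profile and policy changes from steps 2 and 3 can also be made from the FortiOS CLI. The following is an added example, not part of the original recipe; the interface names, the policy name and the filter entry ID are assumptions to adapt to your unit.

```fortios
# Added example; the '#' lines are annotations, omit them when pasting.
# Assumptions: interface names "internal" and "wan1", the policy name,
# and filter entry ID 100 (use any ID not already present in the profile;
# if "show" lists an entry for category 37, edit that entry instead).

# Step 2: block the Social Networking category (FortiGuard category 37)
config webfilter profile
    edit "default"
        config ftgd-wf
            config filters
                edit 100
                    set category 37
                    set action block
                next
            end
        end
    next
end

# Step 3: Internet access policy with the Web Filter profile and
# certificate inspection ("edit 0" creates the policy with the next free ID)
config firewall policy
    edit 0
        set name "Internet-no-social-media"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set webfilter-profile "default"
        set ssl-ssh-profile "certificate-inspection"
        set nat enable
    next
end
```

To place the new policy ahead of an existing one from the CLI, use `move <new-id> before <existing-id>` inside `config firewall policy`.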
For further reading, check out FortiGuard Web Filtering Service in the FortiOS 5.4 Handbook.
The post Blocking social media websites using FortiGuard categories appeared first on Fortinet Cookbook.