Channel: Fortinet Cookbook

Web filtering using quotas


This recipe demonstrates how to set up a web filter security profile with a quota that dynamically limits the amount of time users on an internal network can access websites categorized as “General Interest.”  

You can also apply quotas to specific users on your network by creating granular policies that apply different quotas to different user groups, either by matching specific firewall addresses or by requiring authentication.

See User and device authentication for information about creating user accounts.

Find this recipe for other FortiOS versions
5.2 | 5.4

1. Enabling web filtering

Go to System > Feature Select and confirm that Web Filter is ON. If necessary, click Apply to make your changes.

[Screenshot: Feature select enable web filter]

2. Creating a web filter profile that uses quotas

Go to Security Profiles > Web Filter. Edit the default profile and enable FortiGuard category based filter.
 
Right-click on the category General Interest – Personal and select Monitor. Do the same for the category General Interest – Business.
 
These categories include a variety of sites that are commonly blocked in the workplace, such as games, instant messaging, and social media. For a complete description of each web filtering category, visit the FortiGuard Web Filtering page.

[Screenshot: Turn on FortiGuard categories and monitor general interest]

Under Category Usage Quota, select Create New.
 
Select both General Interest – Personal and General Interest – Business. For testing purposes, set the Quota to 5 Minutes.

[Screenshot: Create five minute quota]

The web filter now displays all the General Interest sub-categories and the applied quota.

[Screenshot: Sub-category list and quota applied]

3. Adding web filtering to a security policy

Go to Policy & Objects > IPv4 Policy and edit the policy that allows connections from the internal network to the Internet.

Under Security Profiles, turn on Web Filter and use the default profile.

Note: If you are applying quotas to specific users or devices, edit Source Address to apply the policy only to them.

[Screenshot: Edit the default Web Filter security policy]
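
The same settings from steps 2 and 3 can be reviewed or scripted from the FortiOS CLI. The block below is an added example, not part of the original recipe; `<id>`, `<category-id>` and `<policy-id>` are placeholders to fill in from your own unit, and the keywords assume the FortiOS 5.4 CLI.

```fortios
# Added example, not from the recipe. Lines starting with "#" are annotations for the reader.
# Assumed placeholders: <id>, <category-id>, <policy-id>.
config webfilter profile
    edit "default"
        config ftgd-wf
            config filters
                # Step 2: one entry per General Interest sub-category, action Monitor.
                # A quota can only count time for categories that are allowed through.
                edit <id>
                    set category <category-id>
                    set action monitor
                next
            end
            config quota
                # Step 2: the 5-minute test quota, covering the monitored categories.
                edit 1
                    set category <category-id> [<category-id> ...]
                    set type time
                    set duration 5m
                next
            end
        end
    next
end
config firewall policy
    # Step 3: the policy that allows internal traffic to the Internet.
    edit <policy-id>
        set utm-status enable
        set webfilter-profile "default"
    next
end
```

Typing `set category ?` inside either `edit` block lists the accepted category values, and `show webfilter profile default` prints what the GUI steps actually wrote, which is the quickest way to confirm that every monitored category is also covered by the quota.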

4. Results

 
Browse to www.ebay.com, a website in the General Interest – Personal category.
 
Access to the website is allowed for 5 minutes, after which time a “web page blocked” message appears. The message appears each time users affected by the security policy try to access General Interest sites until the quota is reset (every 24 hours at midnight).

[Screenshot: FortiGuard web page blocked message]

Go to FortiView > Threats and select the 5 minutes view. You can see the blocked traffic.

[Screenshot: FortiView Threats results]

For further reading, check out Blocking Social Media using FortiGuard Categories, Blocking Facebook with Web Filtering, and FortiGuard Web Filtering Service in the FortiOS 5.4 Handbook.

An active license for FortiGuard Web Filtering Services is required to use web filtering with quotas.

The post Web filtering using quotas appeared first on Fortinet Cookbook.

