This cookbook recipe shows how to insert FortiGate transparent web filtering between two network devices. The FortiGate is configured with a management interface and Virtual Wire (V-Wire) pair connected between a network switch and router. Once inserted between the network devices, V-Wire policy and web-filtering are configured to allow and inspect traffic.
In this example, Port 1 is used for management, and Ports 2 and 3 are configured as the virtual wire pair.
1. Configure the management interface

Port 1 is chosen to be the management interface. If the management interface isn't already configured, it can be configured through the CLI. Using a console cable, access the Fortinet command line interface and configure the management port IP address, default gateway, and DNS. At the CLI prompt, enter:

    config system interface
        edit port1
            set ip 172.31.1.254/24
        next
    end
    config router static
        edit 1
            set gateway 172.31.1.1
            set device port1
        next
    end
    config system dns
        set primary 208.91.112.53
        set secondary 208.91.112.52
    end

Once the management IP address is set, access the FortiGate login screen using the new management IP address.

2. Configure the Virtual Wire Pair

On the FortiGate, go to Network > Interface. Select Create New > Virtual Wire Pair.

In the New Virtual Wire page, assign the interface name, assign the interface members, and select Wild Card VLAN if multiple VLANs are being used on the connection.

3. Configure the Virtual Wire Pair Policy & Enable Web Filtering

On the FortiGate, go to Policy & Objects > IPv4 Virtual Wire Pair Policy. Create a new policy, assign the policy name, select bidirectional traffic flow (dual arrows) for the wire pair, and assign the Source, Destination, Schedule, Service, and Action as needed. Under Security Profiles, enable Web Filter and select the applicable policy.

4. Results

Once the virtual wire policy is created, traffic should flow through the virtual wire pair with web filtering enabled. Traffic can be verified by going to FortiView > All Sessions and reviewing the source and destination ports. Traffic should be visible flowing across ports 2 and 3.

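An added example, not part of the original recipe: a Python check over a FortiGate configuration backup that lists accept policies on virtual wire pair ports with no web filter profile attached. The sample configuration (pair name vwp1, policy ids, profile name) is constructed, and the parser assumes flat edit/next entries without nested config blocks.

```python
import shlex

# Constructed sample in FortiOS backup syntax; names and ids are assumptions.
SAMPLE = '''
config system virtual-wire-pair
    edit "vwp1"
        set member "port2" "port3"
    next
end
config firewall policy
    edit 1
        set srcintf "port2"
        set dstintf "port3"
        set action accept
        set webfilter-profile "default"
    next
    edit 2
        set srcintf "port3"
        set dstintf "port2"
        set action accept
    next
end
'''

def parse_section(text, header):
    """Return {entry_id: {key: [values]}} for one top-level config block."""
    entries, current, inside = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == header:
            inside = True
        elif inside and line == "end" and current is None:
            break  # end of the block we were asked for
        elif inside and line.startswith("edit "):
            current = entries.setdefault(line[5:].strip('"'), {})
        elif inside and line == "next":
            current = None
        elif inside and current is not None and line.startswith("set "):
            key, _, rest = line[4:].partition(" ")
            current[key] = shlex.split(rest)  # handles quoted values
    return entries

def unfiltered_vwp_policies(text):
    """Ids of accept policies on virtual wire pair ports with no web filter profile."""
    pairs = parse_section(text, "config system virtual-wire-pair")
    members = {m for p in pairs.values() for m in p.get("member", [])}
    return [pid for pid, pol in parse_section(text, "config firewall policy").items()
            if pol.get("action") == ["accept"] and "webfilter-profile" not in pol
            and members & set(pol.get("srcintf", []) + pol.get("dstintf", []))]
```

Run against the sample, the function flags policy 2, the return direction that passes traffic without inspection.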
The post Transparent Web Filtering Using a Virtual Wire Pair appeared first on Fortinet Cookbook.