This recipe explains how to use a static URL filter to block access to Facebook and its subdomains.
By using SSL inspection, you ensure that Facebook and its subdomains are also blocked when accessed through HTTPS protocol.
Find this recipe for other [glossary_exclude]FortiOS[/glossary_exclude] versions:
5.2 | 5.4
1. Enabling Web Filtering |
|
|
Go to System > Feature Select to enable the Web Filter feature. |
 |
2. Editing the default Web Filter profile |
|
|
Go to Security Profiles > Web Filter and edit the default Web Filter profile. To block Facebook, go to Static URL filter, select Enable URL Filter, and then click Create. |
 |
|
Set URL to *facebook.com. Set Type to Wildcard, set Action to Block, and set Status to Enable. |
 |
3. Creating the Web filtering security policy |
|
|
Go to Policy & Objects > IPv4 Policy, and click Create New. Give the policy a name that identifies its use. Set Incoming Interface to the internal network and set Outgoing Interface to the Internet-facing interface. Enable NAT. |
 |
| Under Security Profiles, enable Web Filter and select the default web filter profile. |  |
| Enable SSL/SSH Inspection and select certificate-inspection from the dropdown menu. This allows the FortiGate to inspect and apply web filtering to HTTPS traffic. |  |
| After creating your new policy, make sure that it is at the top of the policy list. To move a policy up or down, click and drag the far left column of the policy. |  |
4. Results |
|
| Visit the following sites to verify that your web filter is blocking websites ending in facebook.com:
A FortiGuard Web Page Blocked! page should appear. |
 |
|
Visit https://www.facebook.com to verify that HTTPS protocol is also blocked. |
 |
For further reading, check out Static URL Filter in the FortiOS 5.4 Handbook.
The post Blocking Facebook with Web Filtering appeared first on Fortinet Cookbook.