512c600c07f44bd14e9071f2fbdddee2.ppt
- Number of slides: 34
Web Filtering
Module Objectives
• By the end of this module participants will be able to:
  • Identify the web filtering mechanisms used on the FortiGate device
  • Create web content and URL filters
  • Configure FortiGuard Web Filtering
  • Configure FortiGuard Web Filtering overrides
  • Define firewall policies using web filter profiles
Web Filtering
• Means of controlling the web content that a user is able to view
• Preserve employee productivity
• Prevent network congestion where valuable bandwidth is used for non-business purposes
• Prevent loss or exposure of confidential information
• Decrease exposure to web-based threats
• Limit legal liability when employees access or download inappropriate or offensive material
• Prevent copyright infringement caused by employees downloading or distributing copyrighted materials
• Prevent children from viewing inappropriate material
Web Content Filtering
[Diagram: pattern list created in the CLI; Drugs Score=10, Pharmacy Score=5, Prescription Score=5; Threshold=18; 10 + 5 + 5 = 20; action Block or Exempt; www.acme.com]
• Control web access by allowing or blocking web pages containing specific words or patterns
• Wildcards or regular expressions can be used to define patterns
• The scores assigned to matched patterns are added
• If higher than the threshold, the FortiGate unit performs the configured action
• Score for matched patterns is counted once even if it appears multiple times on the web page
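Added example (not part of the original slides and not Fortinet code): a Python sketch of the scoring rule described above, where each matched pattern contributes its score once and the configured action fires only when the total is higher than the threshold. Case-insensitive matching, word-level wildcard matching, the "pass" result and all names (Pattern, evaluate, SLIDE_PATTERNS) are assumptions of this sketch.

```python
import fnmatch
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Pattern:
    text: str
    score: int
    kind: str = "wildcard"  # "wildcard" or "regex", the two types on the slide

    def matches(self, page: str) -> bool:
        if self.kind == "regex":
            return re.search(self.text, page, re.IGNORECASE) is not None
        # Assumption: a wildcard pattern is compared against each word.
        rx = re.compile(fnmatch.translate(self.text), re.IGNORECASE)
        return any(rx.match(word) for word in re.findall(r"\w+", page))


def evaluate(page, patterns, threshold, action="block"):
    """Return (total, matched pattern texts, decision) for one page body."""
    # A pattern is either matched or not, so repeats on the page add nothing.
    matched = [p for p in patterns if p.matches(page)]
    total = sum(p.score for p in matched)
    # "Higher than the threshold": a total equal to it does not trigger.
    decision = action if total > threshold else "pass"
    return total, [p.text for p in matched], decision


# Scores and threshold from the slide; the wildcard and regex spellings
# of the second and third patterns are constructed for illustration.
SLIDE_PATTERNS = [
    Pattern("drugs", 10),
    Pattern("pharmac*", 5),
    Pattern(r"\bprescriptions?\b", 5, "regex"),
]
THRESHOLD = 18

# Constructed sample page bodies.
PAGE_ALL = "Cheap drugs! Drugs from our online pharmacy, no prescription."
PAGE_REPEAT = "drugs drugs drugs drugs pharmacy"

if __name__ == "__main__":
    for body in (PAGE_ALL, PAGE_REPEAT):
        print(evaluate(body, SLIDE_PATTERNS, THRESHOLD))
```

The second sample page repeats one word four times and still scores 15, which is why padding a page with a single low-value term does not cross the threshold on its own.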
Flow-based Web Filtering
• Non-proxy solution that uses the IPS engine to perform inspection
• FortiGuard web filtering override will not apply when flow-based inspection is enabled
• Example:
  • Block IT category and allow override for www.fortinet.com
  • If user attempts to access www.fortinet.com (IT category), user will receive Page Not Found error
Flow-based Web Filtering
• Select inspection mode in web filter profile
• In the CLI:
    config webfilter profile
        edit "default"
            set flow-based enable
        next
    end
Web URL Filtering
[Diagram: URL filter list containing www.example.com, www.mypage.com, www.abc.com; requested URL: www.mypage.com; actions Block, Allow, Monitor, Exempt]
• Control web access by allowing or blocking specific URLs
• Text, wildcards or regular expressions can be used to define the URL patterns
• Possible actions include:
  • Block
  • Allow
  • Monitor
  • Exempt
SafeSearch
[Diagram: Safe Search for Google, Bing, Yahoo!; "Search: chicken" is rewritten to "Search: chicken&safe=on"]
• SafeSearch is used by search sites to prevent explicit web sites and images from appearing in search results
• FortiGate unit rewrites the search URL to include the required codes to enable SafeSearch
• Supported on Google, Bing and Yahoo!
FortiGuard Web Filter
[Diagram: URL: www.mypage.com; categories; actions Allow, Block, Monitor, Warning, Authenticate]
• The FortiGate unit accesses the FortiGuard distribution server to determine the category of a requested page
• Action is taken based on selection in web filtering profile
• Web filter rating determined by:
  • Human rater
  • Text analysis
  • Exploitation of web structure
FortiGuard Web Filter Categories
[Link: FortiGuard Web Filtering categories]
FortiGuard Web Filtering Cache
[Diagram: cache table of URL and category: www.acme.com = Phishing, www.today.ca = News/Media, www.poker.net = Gambling; www.xyz.com]
• Caching improves performance by reducing FortiGate unit requests to FortiGuard servers
• Cache is checked before sending a request to the FortiGuard server
• The TTL setting controls the number of seconds query results are cached
• Small amount of FortiGate unit system memory is dedicated to the cache
• Alternate port number of 8888 can be configured for access to FortiGuard servers
FortiGuard Web Filtering Usage Quotas
[Diagram: "Games" quota; Category: Games]
• Quotas allow access to specific categories for a specific length of time
• Calculated separately for each user and for each category
• User must authenticate
Local Ratings
[Diagram: local ratings for www.acme.com; Category: General Organizations; Sub-Category: Information and Computer Security]
• Can override the rating applied to a URL by FortiGuard Subscription Services
• URL reassigned to a completely different category
• Override applies to FortiGate unit only
• Changes not submitted to FortiGuard Subscription Services
Local Categories
• Create New Local Category:
    config webfilter ftgd-local-cat
        edit "Research"
            set id 145
        next
    end
• Local categories allow logging of web traffic to a category created by an administrator
• Appears under Local Categories section in FortiGuard Categories listing
FortiGuard Web Filtering Overrides
[Diagram: www.acme.com; Category: Spyware and Malware; Block, Log, Authenticate]
• Allows access to web sites blocked by FortiGuard Web Filtering
• Two methods:
  • Warning: allows user to proceed to blocked web site
  • Authenticate: user must authenticate to override web site block
Web Filtering Override Page
[Screenshot: Web Filtering Block Override Page, Action = Warning]
Web Filtering Override Page
[Screenshot: Web Filtering Block Override Page, Action = Authenticate]
Web Filtering Overrides
[Diagram: Marketing; www.hackthissite.org; Filter Override]
• Allows access to web sites blocked through URL or web content filtering
• Override page presented, user must authenticate
Order of Web Filtering
1. URL Filter
2. FortiGuard Web Filter
3. Web Content Filter
4. Advanced Filter Options
Web Filter Profiles
[Diagram: web filter profile applied to firewall policy]
• Web filtering, FortiGuard web filtering and advanced filtering options are enabled through web filtering profiles
• Profile in turn applied to firewall policy
• Any traffic being examined by the policy will have the web filtering operations applied to it
Labs
• Lab - Web Filtering
  • Testing Web Category Filtering
  • Configuring Web Filtering Warnings
  • Configuring Web Filtering Quotas