Fortigate – how to turn on web classification

This is actually part of the web filtering functionality built into the Fortigate firewall. In this post I’ll give basic information on how to turn on the classification for later processing in a future post.

To enable this, go to Security Profiles -> Web Filter. In the upper right hand side of the window you should find a + symbol. Click to add a new profile.

[Screenshot: 20150825-fortigate-webfilter-001]

You’ll notice that there isn’t much set by default and you’ll need to make a few adjustments. I am naming mine ‘monitoring example’ for the purpose of this post.

For this example I’ll be setting up a ‘monitoring’ web filter. This means that anything that would trigger the filter is only logged for further analysis and not acted upon.

Click the toggle for ‘flow based’ execution – this allows us to set the filter easily on policies and not need to make any adjustments for proxy settings, or even forced proxy settings. This removes a few options that aren’t needed for this example.

Click the ‘FortiGuard Categories’ box and the grey box will now change. Now right-click the master categories and select ‘Monitor’. Also select the following two check boxes:

  • Allow Websites When a Rating Error Occurs
  • Rate URLs by Domain and IP Address

Your webpage should then look like the following:

[Screenshot: 20150825-fortigate-webfilter-002]

All of the master categories are now shown with a blue computer symbol, indicating that each is in a monitoring state.

Speaking of states, there are a few different ones you can choose from:

  • Allow – log and allow the URLs to pass through
  • Block – log and deny the URLs as categorized
  • Monitor – just log the URLs and make no decisions

Now you need to apply this web filter to a firewall policy, perhaps on the outbound policy from your network to the Internet.

You do this by setting the ‘Web Filter’ property to the web filter profile you created above. This will also turn on the ‘SSL/SSH Inspection’ property. You’ll also notice in my screenshot below that I have a policy called ‘measure-applications’ set for the ‘Application Control’ property. This allows me to capture traffic usage by application and log it for later reporting and analysis. Creating this policy is just as easy as the one listed above.

[Screenshot: 20150825-fortigate-webfilter-003]

For a list of Fortigate categories check out this link.
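
Once the policy is passing traffic, a quick way to confirm the monitor profile is producing data is to tally the web filter log lines by category. The script below is an added example, not part of the original post: the log lines are constructed samples, and the key=value field names (`subtype`, `hostname`, `catdesc`) are assumptions that should be checked against the log format your FortiOS version exports.

```python
import shlex
from collections import Counter

# Constructed sample lines in FortiGate-style key=value form (not real traffic).
SAMPLE_LOG = """\
date=2015-08-25 time=10:01:02 type=utm subtype=webfilter srcip=10.0.0.5 hostname="news.example.com" action=passthrough catdesc="News and Media"
date=2015-08-25 time=10:01:09 type=utm subtype=webfilter srcip=10.0.0.7 hostname="video.example.net" action=passthrough catdesc="Streaming Media and Download"
date=2015-08-25 time=10:02:30 type=utm subtype=webfilter srcip=10.0.0.5 hostname="news.example.com" action=passthrough catdesc="News and Media"
date=2015-08-25 time=10:02:41 type=utm subtype=app-ctrl srcip=10.0.0.5 app="HTTP.BROWSER" action=pass
date=2015-08-25 time=10:03:00 type=utm subtype=webfilter srcip=10.0.0.9 hostname="198.51.100.20" action=passthrough
date=2015-08-25 time=10:03:05 type=utm subtype=webfilter hostname="broken.example
"""


def parse_line(line):
    """Split one key=value log line into a dict; return None if it is malformed."""
    try:
        tokens = shlex.split(line)  # keeps quoted values containing spaces together
    except ValueError:              # e.g. an unterminated quote in a truncated line
        return None
    fields = {}
    for token in tokens:
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def summarize(log_text):
    """Count web filter events per category and per (category, hostname) pair."""
    by_category, by_host, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None:
            skipped += 1
            continue
        if fields.get("subtype") != "webfilter":
            continue  # skips Application Control events and blank lines
        category = fields.get("catdesc", "(no category)")
        by_category[category] += 1
        by_host[(category, fields.get("hostname", "?"))] += 1
    return by_category, by_host, skipped


if __name__ == "__main__":
    categories, by_host, skipped = summarize(SAMPLE_LOG)
    for name, count in categories.most_common():
        print(f"{count:4d}  {name}")
    print(f"skipped malformed lines: {skipped}")
```

A non-zero skipped count usually points to truncated lines in the export, and a large "(no category)" bucket is worth reviewing because those requests were logged without a rating.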