Scribd Logo
Upload

Welcome to Scribd!

  • 3 views

    68-Web Filter Lab

    Uploaded by

    Abhishek garg

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    68-Web Filter Lab

    Uploaded by

    Abhishek garg
    3 views12 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    3 views12 pages

    68-Web Filter Lab

    Uploaded by

    Abhishek garg

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 12

    Web Filter Profile Lab:

    Go to Security Profiles > Web Filter there are preloaded three predefined web filters.

    Custom URL Filter:


    To create URL filter, go to Security Profiles > Web Filter and go to the Static URL Filter section.
    Enable URL Filter.

    1 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , WhatsApp: 00966564303717


    Under URL Filter, click Create New to display New URL Filter pane. Enter *facebook.com, select
    Wildcard, and select Action Block Also Status Enable finally, click OK button.

    URL Filter Type Description


    Simple FortiGate tries to strictly match the full context. www.facebook.com in the
    URL field, it only matches traffic with www.facebook.com. It won't match
    facebook.com or message.facebook.com.
    Regular FortiGate tries to match the pattern based on the rules of regular
    Expression or expressions or wildcards. if enter *fa* in the URL field, it matches all the
    Wildcard content that has fa such as www.facebook.com, message.facebook.com,
    fast.com, etc.

    Action Description
    Block Denies or blocks attempts to access any URL matching the URL pattern.
    FortiGate displays a replacement message.
    Allow The traffic is passed to the remaining FortiGuard web filters, web content
    filters, web script filters, antivirus proxy operations, and DLP proxy
    operations. If URL does not appear in the URL list, the traffic is permitted.
    Monitor Traffic is processed the same way as the Allow action. For the Monitor
    action, a log message is generated each time a matching traffic pattern.
    Exempt Traffic is allowed to bypass the remaining FortiGuard web filters, web
    content filters, web script filters, antivirus scanning, DLP proxy operations

    2 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , WhatsApp: 00966564303717


    To attach a web filter profile to a firewall policy, Go to Policy & Objects > Firewall Policy. Edit
    the policy that you want to enable the web filter. In the Security Profiles section, enable Web
    Filter and select the profile created.

    Verification & Testing:


    Validate the URL filter results by going to a blocked website. Go to the Facebook website, you
    see the replacement message.

    3 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , WhatsApp: 00966564303717


    To check web filter logs in the GUI, Go to Log & Report > Web Filter.

    FortiGuard Filter:
    To block category, go to Security Profiles > Web Filter and go to the FortiGuard category based
    filter section.

    4 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , WhatsApp: 00966564303717


    Action Description
    Allow Permit access to the sites in the category.
    Block Prevent access to the sites in the category. Users trying to access a blocked
    site sees a replacement message indicating the site is blocked.
    Monitor Permits and logs access to sites in the category.
    Warning Displays a message to the user allowing them to continue if they choose.
    Authenticate Requires the user to authenticate with the FortiGate before allowing access.

    Open the Bandwidth Consuming- section by clicking the + icon beside it. Select Streaming
    Media and Download and then select Block.

    To attach a web filter profile to a firewall policy, Go to Policy & Objects > Firewall Policy. Edit
    the policy that you want to enable the web filter. In the Security Profiles section, enable Web
    Filter and select the profile created.

    5 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , WhatsApp: 00966564303717


    Verification & Testing:
    Validate the URL filter results by going to a blocked website. Go to the YouTube website, you
    see the replacement message.

    To check web filter logs in the GUI, Go to Log & Report > Web Filter.

    6 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , WhatsApp: 00966564303717


    Warning Message:
    To configure a warning, go to Security Profiles > Web Filter and go to the FortiGuard category
    based filter section. Open the General Interest - Business section by clicking the + icon beside it.
    Select Web Hosting and then select Warning.

    Set the Warning Interval which is the interval when the warning page appears again after the
    user chooses to continue.

    To validate that configured the warning, Go to a website belonging to the selected category, for
    example, www.godaddy.com & see warning page where you can choose to Proceed or Go Back.

    7 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , WhatsApp: 00966564303717


    Authenticate Message:
    To configure an authentication, go to Security Profiles > Web Filter and go to the FortiGuard
    category based filter section. Open the General Interest - Business section by clicking the + icon
    beside it. Select Web Hosting and then select Authenticate.

    Set the Warning Interval which is the interval when the authentication page appears again after
    authentication. Click the + icon beside Selected User Group and select a user group. You must
    have a valid user group to use this feature.

    8 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , WhatsApp: 00966564303717


    To validate that configured the warning, Go to a website belonging to the selected category, for
    example, www.godaddy.com & see warning page where you can choose to Proceed or Go Back.

    Click Proceed to check that the authentication page appears. Enter the username and password
    of the user group you selected and click Continue. If the credentials are correct, the traffic is
    allowed through.

    9 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , WhatsApp: 00966564303717


    Usage Quota:
    To configure a Category Usage Quota, go to Security Profiles > Web Filter. Navigate to
    FortiGuard Category Based Filter first and enable Monitor.

    When Feature Set is Proxy-based it will show Category Usage Quota option down.

    In the Category Usage Quota section, select Create New. In the right pane, select the Category
    field and then select Streaming Media and Download. For the Quota Type, select Traffic and set
    the Total quota to 1024 KB. Select OK and the Category Usage Quota section displays.

    10 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , WhatsApp: 00966564303717


    Validate the configuration by visiting YouTube URL, www.youtube.com

    Go to Dashboard >Click on Plus icon to add new Monitor search for FortiGuard Quota.

    When the quota reaches its limit, traffic is blocked, and the replacement page displays.

    11 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , WhatsApp: 00966564303717


    Check the used and remaining quota in Dashboard>Monitor > FortiGuard Quota Monitor.

    Navigate to Log & Report > Web Filter to check the logs for Quota Limits.

    12 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , WhatsApp: 00966564303717

    You might also like