Fortigate Web Filter

 1. Inspection Modes:

     Flow-base  - for performance
     Proxy-base  - two TCP connections, add latency,  more thorough, all security profiles

2. NGFW Mode

    Profile-based: applicable for flow-based and proxy based inspection mode
    Policy-based: app and web filtering applied directly to the policy, only to flow-based inspection.
          Needs SSL inspection & Authentication policy first

3. Web Filter
     based on HTTP GET request

4. Web Filter Profiles -Flow Base
    Fortigard categories
    Static URL
    Rating option

5. Web Filter Profiles -Proxy Base
    Local categories
    Remote categories
    Search Engines
    Proxy options

6. Can use FotiManger instead of Fortigate for web rating.

7. Determine web rating
    www.fortiguard.com/webfilter/categories

8. Categories Action

9. External Threat Feeds
  Security Fabric > External Connectors > Threat Feeds: 
      FortiGuard Category
          Used in: Web Filter > Remote Categories

     IP address
         Used in:  DNS filter > External IP Block Lists 
     Domain Name
         Used in: DNS filter > Remote categories 

 

10. Web Rating override and Custom Categories
      Reassign a hostname to a completely different category 

11. Web Profile Overrides
      Override web filter profile for user, user group or source IP.

12. Web Content Filtering (requires SSL deep inspection )

13. Advaced Web Filter Setting
     Allow websites when a rating error occurs -  (when no license needs this)

14. DNS Filter

15. File Filter