Web Fileter [ Web Filter Function Profile ]

Define a profile of UTM Web filtering to be utilized at Firewall Policy.

At the Web Filter Profile, you can specify either "Blocked Categories" (Blocking per Category) or "URL Filtering" (Blocking per URL).

The Web Filter and the Global URL List have been keyed to each other as described below:
相関図

The Web Filtering defects URLs, based on the following order. If anything matched with the blocked categories, the web filtering will apply the current URL definition.
First, the URL specified by URL Filtering will be detected. In case of suggesting "Blocking", the URL will be blocked, whereas in case of suggesting "exempt", the URL will NOT be blocked.

After detection of the URL Filtering, you need to check the Global URL Lists. The URL listed up at the Blacklist will be blocked, whereas the URL listed at the Whitelist will NOT be blocked.

After checking the Global URL List, the URL has been examined whether or not the URL is defined as Blacked Categories. If so, that URL in Blacklist will be blocked.
If the URL has been done the rating as Black Categories, the URL will be blocked. Otherwise, the URL will not be blocked.

Please do NOT apply the Web Filtering to the outgoing traffics from the Proxy to the Internet. The UTM function may NOT perform correctly, due to the Proxy Scope or its settings.

Web Filter Profile Default Value

The default Web Filtering Profile shows by clicking [ Web Filter ] at the default settings.
既定のWeb Filterプロファイル

The default Web Filter has ticked the following checkboxes, such as [Malicious Websites], [Phishing], and [Spam URLs], at the [Blocked Categories]. Besides, the URL Filter has not been yet specified by default.
You can also edit to configure your own unique Web Filter profile, while you can use the default Web Filter Profile itself.

Web Filter Profile : Setting Items

Following are the setting items of the Web Filter Pofile.

Items

Values

Desprictions

Profile Name

(Half-Width alphabetical characters and numbers)

Input the profile name.
You can not utilize any two-byte characters and the following signs as below:
< > ( ) # ' " Space (blank)
Blocked Categories

"□" (unticking) or "✔" (ticking)

By ticking the respective "category" checkbox, you can get valid to block the relevant URL included in that category.

URL Filter

"□" (unticking) or "✔" (ticking)

You can specify any URL Filter at this profile by ticking in the checkbox.
Once the URL has been specified at the URL Filtering, the detection to the relevant URL will stop without further detection on whether the URL is defined as Blocked Categories.
Comment

(Half-Width alphabetical characters and numbers)

Fill in your comment if you would like to.
Fill in the comment within 225 words. NOTE: you can NOT use a two-bytes characters such as Japanese.
Rating

(Disable to Edit)

Following are the link to FortiGuard Center, which enables you to verify the ratings on the Categories.
For [ Rating ], please refer to how to the Web Filtering Categories.

Following describe the additional Items when your marked to the URL Filter check box.

Items

Values

Desprictions

ID

(Auto-Assign)

ID is assigned accordingly based on ID creation. NOTE: You can NOT edit the ID.

URL

(Half-Width alphabetical characters and numbers)

Fill in the URL, you would like to add to your list.
The IP Address can NOT be specify by yourselves.
You do not need to write down "http://" to the URL. "http://" is automatically removed, even if you input one.
You can not use any two-byte characters, such as Japanese, the following signs : < > ( ) # ' " スペース(空白)
Type

"simple" or "wildcard"

You need to select the type to evaluate the URL string.
simple: Completely Matched
wildcard:Available to Use a Wildcard.

Action

Specify either "block"or "exempt".

Select a specific action to the URL.
Block : Block the URL
exempt : Not block the URL

simple(completely matching)
If you select "simple" as Type, only an "Action" which completely matches to the input URL. You can NOT use any wildcard.
For example, if you input "example.com", a specific Action will be executed for all website pages whatever belongs to "example.com" . Any actions to "www.example.com" or "yourexample.com" will not be executed.

If you would like to access a specific page and execute an "Action" by selecting "simple" then fill in the password and the file name.
For example, if you input the strings of [ example.com/sample/example.html ], only that file will be a target to the Action.

wildcard
If you define the Type as "wildcard", you can show the relevant URL by utilizing the strings of [ ](asterisk) or [ ? ](question mark) .

[*] (asterisk) means that you can fill in any numbers and any characters with more than 0 words.
[?] ( question ) means to fill in any one word.

block
Block the specified URL.

exempt(Exemption for Blocking) *
This "exempt" does not block the specified URL. Even though the specified URL rating belongs to Blocked Categories, that URL defined as "exampt" by the URL Filtering finishes the URL filtering detection without any blocking.


How to Add Web Filter Profile

  1. Click Web Filter from the left-side Object screen.
    Object ‣ Security Profile ‣ Web Filter ‣ Web Filter

    Click [ Add ] at Web Filter of the right-side screen.

    Click Add


  1. Click [ Save ] after you input the setting value.
    For further details of setting items, please refer Web Filter Profile : Setting Items .

    Save Object


  1. Apply configuration to the device by clicking [Save].

    Save Config


Note

  • Please be sure to execute [Save Changes] in Profile before create Firewall policy.



How to Change Web Filter Profile : [ Edit / Depulicatoin / Remove ]

  1. Click Web Filter from the left-side Object screen.
    Object ‣ Security Profile ‣ Web Filter ‣ Web Filter

    Select the target chaged line at the right-side |rp_right_selection| screen. Click the operation button.

    Click Change


    Following describes respective buttons of Web Filter .

    Buttons

    Desprictions

    "Edit"

    Modify the value at Web Filter Profile that has already been set.

    "Duplicate"

    After duplicating the existing Web Filter Profile, the object setting screen will open with the same value.
    Make sure to change Profile Name .
    This is useful for you to define the another Web Filter Profile with the same value.

    Remove"

    Delete the selected Web Filter Profile .


    When you deleting one, the confirmation message will display. Please click [OK] to finally execute its deletion.

    Confirm Delete Object

    NOTE: You can not remove any object which has been utilizing at a Firewall Policy.


  1. Apply configuration to the device by clicking [Save].

    Save Config


Note

  • Please be sure to execute [Save Changes] in Profile before create Firewall policy.


Global URL ListsCommon Black List & Common White List

Configure both URL lists of Black list and White list to be applied for UTM Web filtering, regardless of the individual profiles on UTM Web filtering.

If necessary, you need edit the blank list, which has been already configured in advance.

The Web Filter and the Global URL List have been keyed to each other as described below:
相関図2

The Web Filtering defects URLs, based on the following order. If anything matched with the blocked categories, the web filtering will apply the current URL definition.
First, check the URL specified at the URL Filter. If need to block the URL, block the URL; On the other hand, if the URL defined as "exempt", the URL will not be blocked.

After the procedure of the URL Filtering, you need to check up the Global URL List. If the URL has been listed at the Blacklist, it will be blocked, whereas the URL listed at Whitelist will not be blocked.

After executing the web filter for the Global URL List. the relevant URL will be determined as Blacked Categories. So, the URL determined the rating of Black Category will be blocked, otherwise any URLs will not been blocked.

Parameters of the Global URL List

Following describe the parameters to operate at [ Global URL List }.

Items

Values

Desprictions

URL Blacklist

(Half-Width alphabetical characters and numbers)

Fill in the URL blocked by WEB Filter, when the Web Filter profile is activated.
The IP Address can NOT be specify by yourselves.
You can NOT use a wildcard [ * ] .
You do not need to write down "http://" to the URL. "http://" is automatically removed, even if you input one.
You can NOT use any two-bytes characters such as Japanese: < > ( ) # ' " , and any spaces (blanks).
URL Whitelist

(Half-Width alphabetical characters and numbers)

You need to input the URLs accepted by the Web Filter, when the Web Filter Profile will be activated.
The IP Address can NOT be specify by yourselves.
You can NOT use a wildcard [ * ] .
You do not need to write down "http://" to the URL. "http://" is automatically removed, even if you input one.
You can NOT use any two-bytes characters such as Japanese: < > ( ) # ' " , and any spaces (blanks).

The way to specify the URL is as same as the one to select [ Simple ] as the URL Filter at Web Filter Profile.
You can not use a wildcard.
For example, if you input "example.com", a specific Action will be executed for all website pages whatever belongs to "example.com" . Any actions to "www.example.com" or "yourexample.com" will not be executed.

If you would like to access a specific page and execute an "Action" by selecting "simple" then fill in the password and the file name.
For example, if you input the strings of [ example.com/sample/example.html ], only that file will be a target to the Action.

Edit the Profiles on the Global URL List.

Click [ Add ] at the Web Filter setting screen.
Web Filter設定スクリーン2

Add the URLs as both Blacklist and Whitelist, respectively. Then, click [ Save ].
When modify the Global URL lists, select the specific member then click [ Apply configuration ] .
Confirmation6
You can NOT delete ( Remove) any objects utilized at a Firewall Policy.

Apply configuration to the device by clicking [Save].

Save Config


Note

  • Please be sure to execute [Save Changes] in Profile before create Firewall policy.