2.2.6.2. Web Fileter [ Web Filter Function Profile ]

Define a profile of UTM Web filtering to be utilized at Firewall Policy.

At the Web Filter Profile, you can specify either "Blocked Categories" (Blocking per Category) or "URL Filtering" (Blocking per URL).

The Web Filter and the Global URL List have been keyed to each other as described below:
相関図

The Web Filtering defects URLs, based on the following order. If anything matched with the blocked categories, the web filtering will apply the current URL definition.
First, the URL specified by URL Filtering will be detected. In case of suggesting "Blocking", the URL will be blocked, whereas in case of suggesting "exempt", the URL will NOT be blocked.

After detection of the URL Filtering, you need to check the Global URL Lists. The URL listed up at the Blacklist will be blocked, whereas the URL listed at the Whitelist will NOT be blocked.

After checking the Global URL List, the URL has been examined whether or not the URL is defined as Blacked Categories. If so, that URL in Blacklist will be blocked.
If the URL has been done the rating as Black Categories, the URL will be blocked. Otherwise, the URL will not be blocked.

Please do NOT apply the Web Filtering to the outgoing traffics from the Proxy to the Internet. The UTM function may NOT perform correctly, due to the Proxy Scope or its settings.

2.2.6.2.1. Default Value

The default Web Filtering Profile shows by clicking [ Web Filter ] at the default settings.
既定のWeb Filterプロファイル

The default Web Filter has ticked the following checkboxes, such as [Malicious Websites], [Phishing], and [Spam URLs], at the [Blocked Categories]. Besides, the URL Filter has not been yet specified by default.
For __upg_WebFilter, [Malicious Websites], [Phishing], [Spam URLs], [Dynamic DNS], [Newly Observed Domain], and [Newly Registered Domain] of [Blocked Categories] are checked, and the URL Filter is not specified.
In addition, the profile with __upg notation at the beginning outputs the HTTP header as a log when HTTP communication is detected. See here for more information.
You can also edit to configure your own unique Web Filter profile, while you can use the default Web Filter Profile itself.

2.2.6.2.2. Web Filter Profile : Setting Items

Following are the setting items on Web Filter Profile.

Items

Values

Descriptions

Profile Name

(Half-width alphabetic characters & half-width numbers)

Enter the name of profile.
You can NOT utilize any two-byte characters, such as Japanese, and the following signs as below:
< > ( ) # ' " , and spaces (blank)
Blocked Categories

Either [ □ ] (unmarking to the checkbox) or [ ✔ ] (marking the checkbox)

By marking to the respective [ Category ] checkbox, you can get valid to block the relevant URL included into that category.

URL Filter

Add

Click Add to allow you to specify a URL Filter for this profile.
Once any URL has been designated at a URL Filtering, the detection for the relevant URL will stop without further examination on whether the URL is defined as Blocked Categories.
Comment

(Half-width alphabetic characters & half-width numbers)

Fill in your comment if you like.
Fill in your comment by using less than 225 letters. You can NOT utilize any two-bytes characters, such as Japanese.

Rating

(Disable any Editing )

This is a website link to FortiGuard Center enabling you to verify the ratings on the Categories.
Please refer to " :doc:` 8020_web_filter_categories` " for Rating.

Following describes the additional Items when your marked to the URL Filter check box.

Items

Values

Descriptions

ID

(Auto-Assign)

This ID is automatically assigned.

URL

(Half-width alphabetic characters & half-width numbers)

Fill in the URL, you would like to add to your list.
Here you can not designate any Using IP Address.
[ http:// ] is not necessary when you input parameters. If you input [ http:// ] , it will be automatically removed.
You can not use any two-byte characters, such as Japanese, the following signs : < > ( ) # ‘ ” Any space (Blank)

Type

[ Simple] or [ Wildcard ]

You need to select any type to evaluate any URL string.
Simple: Completely Matched
Wildcard:Enabling Wildcard usage.
Action

Specify either { Block ] or { Exempt ] .

Select a specific action to the relevant URL.
Block : Block the specific URL(s).
Exempt : Not block any URL

Simple (Completely matching)
If you select [ Simple ] as a Type, only an [ Action ] which completely matches to the input URL. You can NOT use any wildcard.
For example, if you input [ example.com ] then a specific Action will be executed for all website pages which [ example.com ] has. Any actions to [ www.example.com ] or [ yourexample.com ] will not be executed.

If you would like to access a specific webpage and execute an [ Action ] by selecting [ simple ] then fill in the password and the file name.
For example, if you input the strings of [ example.com/sample/example.html ], only that file will be the targeted to a specific Action.

Wildcard
If you define the Type as [ wildcard ], you can show the relevant URL by utilizing the strings of [ * ](asterisk) or [ ? ](question mark) .

[ * ] means filling in zero or more than one voluntary word.
[ ? ] (question) means filling in at least one word of any.

Block
Block a specified URL.

Exempt(Exempted Blocking)
This [ exempt ] does not block a specified URL. Even though any specified URL rating belongs to the list of Blocked Categories, that URL defined as [ exempt ] by the URL Filtering function finishes the relevant detection without any blocking.


2.2.6.2.3. Adding Web Filter Profile

  1. Click the Routing from the left-side Object screen.
    Security Profile ‣ Web Filter ‣ Web Filter

    Click [ Add ] at Web Filter of the right-side screen.

    Click Add


  1. Click [ Save ] after you input the setting value.
    Input Web Filter Profile : Setting Items to the setting value.

    Save Object


  1. Apply configuration to the device by clicking [Apply configuration].

    Save Config


Note

  • Please be sure to execute [Apply configuration] in Profile before create Firewall policy.



2.2.6.2.4. How to Change Profile (Edit / Duplicate / Remove)

  1. Click the Routing from the left-side Object screen.
    Security Profile ‣ Web Filter ‣ Web Filter

    Select the target changed line at Routing screen of the right-side. Click an operation button you need.

    Click Change


    Following describes respective buttons of Web Filter .

    Buttons

    Descriptions

    Edit

    Modify the value of Web Filter Profile that has already been set.

    Duplicate

    After duplicating the existing Profile , the object setting screen will open with the same value.
    Make sure to change Profile Name.
    This is useful for you to define another Profile with the same value.

    Remove

    Delete the selected Profile.


    When you deleting one , the confirmation message will display. Please click [OK] to finally execute its deletion.

    Confirm Delete Object

    NOTE: You can not remove any object which has been utilizing at a Firewall Policy.


  1. Apply configuration to the device by clicking [Apply configuration].

    Save Config


Note

  • Please be sure to execute [Apply configuration] in Profile before create Firewall policy.


2.2.6.2.5. Global URL ListsCommon Black List & Common White List

Configure both URL lists of Black list and White list to be applied for UTM Web filtering, regardless of the individual profiles on UTM Web filtering.

If necessary, you need edit the blank list, which has been already configured in advance.

The Web Filter and the Global URL List have been keyed to each other as described below:
相関図2

The Web Filtering defects URLs, based on the following order. If anything matched with the blocked categories, the web filtering will apply the current URL definition.
First, check the URL specified at the URL Filter. If need to block the URL, block the URL; On the other hand, if the URL defined as "exempt", the URL will not be blocked.

After the procedure of the URL Filtering, you need to check up the Global URL List. If the URL has been listed at the Blacklist, it will be blocked, whereas the URL listed at the Whitelist will not be blocked.

After executing the web filter for the Global URL List, the relevant URL will be determined as Blacked Categories. So, the URL determined the rating as the Black Category will be blocked, otherwise any URLs will not been blocked.

2.2.6.2.6. Parameters of a Global URL List

Following describe the parameters to operate at [ Global URL List ].

Items

Values

Descriptions

URL Blacklist

(Half-width alphabetic characters & half-width numbers)

Fill in the URL blocked by a WEB Filter, when the Web Filter profile is activated.
Here you can not designate any Using IP Address.
You can NOT use a wildcard [ * ] .
[ http:// ] is not necessary when you input parameters. If you input [ http:// ] , it will be automatically removed.
You can NOT use any two-byte characters, such as Japanese: < > ( ) # ' " , and any spaces (blanks).
URL Whitelist

(Half-width alphabetic characters & half-width numbers)

You need to input the accepted URLs, when Web Filter Profile is activated.
Here you can not designate any Using IP Address.
You can NOT use a wildcard [ * ] .
[ http:// ] is not necessary when you input parameters. If you input [ http:// ] , it will be automatically removed.
You can NOT use any two-byte characters, such as Japanese: < > ( ) # ' " , and any spaces (blanks).

How to specify a URL is the same as how to select [ Simple ] as a URL Filter at Web Filter Profile.
You can not use any wildcard.
For example, if you input [ example.com ] then a specific Action will be executed for all website pages which [ example.com ] has. Any actions to [ www.example.com ] or [ yourexample.com ] will not be executed.

If you would like to access a specific webpage and execute an [ Action ] by selecting [ simple ] then fill in the password and the file name.
For example, if you input the strings of [ example.com/sample/example.html ], only that file will be the targeted to a specific Action.

2.2.6.2.7. Editing the Profiles of the Global URL List.

On the [Global URL List] setting screen click [Edit].
Web Filter設定スクリーン2

Add the URLs as both Blacklist and Whitelist, respectively. Then, click [ Save ].
When modify the Global URL lists, select the specific member then click [ Apply configuration ] .
Confirmation6
You can NOT delete ( Remove) any objects utilized at a Firewall Policy.

Apply configuration to the device by clicking [Apply configuration].

Save Config


Note

  • Please be sure to execute [Apply configuration] in Profile before create Firewall policy.