Web Profile Overrides
This feature allows administrators to grant temporary access to sites that are otherwise blocked by a web filter profile. The temporary access can be granted to a user, user group, or source IP address. The time limit can be set in days, hours, or minutes. The default is 15 minutes.
Temporary access can also be granted to a user, user group, or source IP address by enabling Allow users to override blocked categories in a Web Filter security profile and applying that profile to the appropriate policy. In this scenario, the user will have to authenticate to gain access.
When Web Profile Overrides is in effect, a blocked access page or replacement message will not appear and authentication will not be required.
Creating a Web Profile Override
Before creating a Web Profile Override, you will have to configure a user or user group if not granting temporary access to a Source IP. You will also have to configure the Web Filter security profile to be applied to the override.
- Go to Security Profiles > Web Profile Overrides.
- Select Create New.
- Select:
- The Scope Range: User and User Group should be previously configured under User & Device l The Original Profile that applied to the scope range.
- The New Profile to apply for the override l The time when the override Expires; default is 15 minutes SafeSearch
SafeSearch
SafeSearch is a feature of popular search sites that prevents explicit web sites and images from appearing in search results. Although SafeSearch is a useful tool, especially in educational environments, the resourceful user may be able to simply turn it off. Enabling SafeSearch for the supported search sites enforces its use by rewriting the search URL to include the code to indicate the use of the SafeSearch feature. For example, on a Google search it would mean adding the string “&safe=active” to the URL in the search.
The search sites supported are:
l Google l Yahoo l Bing l Yandex
Enabling SafeSearch – GUI
- Go to Security Profiles > Web Filter and edit or create a policy.
- Expand Search Engines
Enabling SafeSearch – CLI
config webfilter profile edit default config web set safe-search <url>
end
end
This enforces the use of SafeSearch in traffic controlled by the firewall policies using the web filter you configure.
Search Keywords
There is also the capability to log the search keywords used in the search engines.
config system global
set gui-webfilter-advanced enable doesn´t exist on a FG-501E running 6.0.3?
Any easy way to export web filtering from one Gate and import it to another?
Backup the config and nit pick through it. Be sure the FortiGates are running the same version of code though!