Different ways of controlling access

The methods available for monitoring and controlling Internet access range from manual and educational methods to fully automated systems designed to scan, inspect, rate and control web activity.

Common web access control mechanisms include:

• establishing and implementing a well-written usage policy in the organization on proper Internet, email, and computer conduct
• installing monitoring tools that record and report on Internet usage l implementing policy-based tools that capture, rate, and block URLs.

The following information shows how the filters interact and how to use them to your advantage.

Order of web filtering

The FortiGate unit applies web filters in a specific order:

1. URL filter
2. FortiGuard Web Filter
3. web content filter
4. web script filter antivirus scanning.

If you have blocked a FortiGuard Web Filter category but want certain users to have access to URLs within that pattern, you can use the Override within the FortiGuard Web Filter. This will allow you to specify which users have access to which blocked URLs and how long they have that access. For example, if you want a user to be able to access www.example.com for one hour, you can use the override to set up the exemption. Any user listed in an override must fill out an online authentication form that is presented when they try to access a blocked URL before the FortiGate unit will grant access to it.

If you have blocked a FortiGuard Web Filter category but want users within a specific Web Filter profile to have access to URLs within that pattern, you can use the following CLI command below to override (this will have no timeout affiliated to it):

CLI syntax:

config webfilter profile edit <profile> config web

set whitelist exempt-av exempt-dlp exempt-rangeblock extended-log-others end

end

This command will set a Web Filter profile that exempts AV, DLP, RangeBlock, and supports extended log by FortiGuard whitelist.