FortiGuard Web Filtering Service

FortiGuard Web Filtering is a managed web filtering solution available by subscription from Fortinet. Before you begin to use the FortiGuard Web Filtering options, verify that you have a valid subscription to the service for your FortiGate firewall.

FortiGuard Web Filtering enhances the web filtering features supplied with your FortiGate unit by sorting billions of web pages into a wide range of categories users can allow or block. The FortiGate unit accesses the nearest

 

FortiGuard Web Filtering Service Point to determine the category of a requested web page, and then applies the security policy configured for that user or interface. FortiGuard Web Filtering supports detection for traffic using HTTP protocol (versions 1.0, 1.1, and 2.0).

FortiGuard Web Filtering includes over 45 million individual ratings of web sites that apply to more than two billion pages. Pages are sorted and rated into several dozen categories administrators can allow or block. Categories may be added or updated as the Internet evolves. To make configuration simpler, you can also choose to allow or block entire groups of categories. Blocked pages are replaced with a message indicating that the page is not accessible according to the Internet usage policy.

FortiGuard Web Filtering ratings are performed by a combination of proprietary methods including text analysis, exploitation of the web structure, and human raters. Users can notify the FortiGuard Web Filtering Service Points if they feel a web page is not categorized correctly, so that the service can update the categories in a timely fashion.

FortiGuard web filtering and your FortiGate unit

When FortiGuard Web Filtering is enabled in a web filter or a DNS filter profile, the setting is applied to all firewall policies that use this profile. When a request for a web page appears in traffic controlled by one of these firewall policies, the URL is sent to the nearest FortiGuard server. The URL category is returned. If the category is blocked, the FortiGate unit provides a replacement message in place of the requested page. If the category is not blocked, the page request is sent to the requested URL as normal.

FortiGuard web filtering actions

The possible actions are:

• Allow permits access to the sites within the category.
• Block prevents access to sites within the category. Users attempting to access a blocked site will receive a replacement message explaining that access to the site is blocked.
• Monitor permits and logs access to sites in the category. You may also enable user quotas when enabling the monitor action.
• Warning presents the user with a message, allowing them to continue if they choose.
• Authenticate requires a user to authenticate with the FortiGate unit before being allowed access to the category or category group.

The options of actions available will depend on the mode of inspection.

• Proxy – Allow, Block, Monitor, Warning, Authenticate and Disable. l Flow-based, policy-based – Allow, Block & Monitor.
• Flow-based, profile-based – Allow, Deny

FortiGuard Web Filtering Service

Web filtering flowchart

FortiGuard web filtering categories

The following tables identify each FortiGuard web filtering category (organized by group) along with associated category IDs. You can access the current list of category IDs through the CLI.

config webfilter profile edit default config ftgd-wf config filters edit 1 set category ?

For a complete description of each web filtering category, visit http://www.fortiguard.com/webfilter/categories.

Potentially Liable

ID	Category		ID	Category
1	Drug Abuse		12	Extremist Groups
3	Hacking		59	Proxy Avoidance
4	Illegal or Unethical		62	Plagiarism
5	Discrimination		83	Child Abuse
6	Explicit Violence

Adult/Mature Content

ID	Category		ID	Category
2	Alternative Beliefs		16	Weapons (Sales)
7	Abortion		57	Marijuana
8	Other Adult Materials		63	Sex Education
9	Advocacy Organizations		64	Alcohol
11	Gambling		65	Tobacco
13	Nudity and Risque		66	Lingerie and Swimsuit
14	Pornography		67	Sports Hunting and War Games
15	Dating

FortiGuard Web Filtering Service

Bandwidth Consuming

ID	Category		ID	Category
19	Freeware and Software Downloads		72	Peer-to-peer File Sharing
24	File Sharing and Storage		75	Internet Radio and TV
25	Streaming Media and Download		76	Internet Telephony

Security Risk

ID	Category		ID	Category
26	Malicious Websites		86	Spam URLs
61	Phishing		88	Dynamic DNS
	Newly Observed Domain			Newly Registered Domain

Newly observed domain (NOD) applies to URLs whose domain name is not rated and were observed for the first time in the past 30 minutes.

Newly registered domain (NRD) applies to URLs whose domain name was registered in the previous 10 days.

General Interest – Personal

ID	Category		ID	Category
17	Advertising		47	Travel
18	Brokerage and Trading		48	Personal Vehicles
20	Games		54	Dynamic Content
23	Web-based Email		55	Meaningless Content
28	Entertainment		58	Folklore
29	Arts and Culture		68	Web Chat
30	Education		69	Instant Messaging
33	Health and Wellness		70	Newsgroups and Message Boards
34	Job Search		71	Digital Postcards
35	Medicine		77	Child Education
ID	Category		ID		Category
36	News and Media		78		Real Estate
37	Social Networking		79		Restaurant and Dining
38	Political Organizations		80		Personal Websites and Blogs
39	Reference		82		Content Servers
40	Global Religion		85		Domain Parking
42	Shopping		87		Personal Privacy
44	Society and Lifestyles		89		Auction
46	Sports

General Interest – Business

ID	Category		ID	Category
31	Finance and Banking		52	Information Technology
41	Search Engines and Portals		53	Armed Forces
43	General Organizations		56	Web Hosting
49	Business		81	Secure Websites
50	Information and Computer Security		84	Web-based Applications
51	Government and Legal Organizations

Local categories

Users can define custom or local categories. See Overriding FortiGuard Website Categorization for details.