FortiGate Block Website v5.4
This post shows you how to block an individual website with a static URL filter.
- Navigate to Security Profiles > Web Filter
- Scroll down to Static URL filter and enable URL Filter (if it’s not already)
- Click Create
- Enter the url you want to block. I’m using facebook.com for this example and since I want to block all things facebook.com I’m making this a Wildcard block and using *facebook.com for the entry. Click OK
- Make sure you have an outbound traffic policy that has Web filtering enabled. You also want to make sure you have SSL Inspection enabled on this policy. SSL Inspection is important if you want to also block https traffic. For this example, nothing additional for SSL Inspection was configured, we’re just using the default header inspection, this is enough to do what we need.
Now when you try to goto facebook.com you receive a block message, shown below.
Additional Information
So, I chose Facebook for this example because it’s a common one to block. Recently lots of browsers have been updated with higher security settings. On these updated browsers you won’t see the FortiGuard page shown above. Instead the site will still be blocked but you will receive a certificate error trying to access the site.
I’ll be creating a post showing how to manage this in your environment with full inspection and distributed certificates in a future post.