Zecurity – Its all about Network Security

One stop portal for all your security solutions

Difference between URL Filter and Web Filter in Fortinet

with 2 comments


FortiGuard – Web Filter

FortiGuard Web Filtering is a managed web filtering solution provided by Fortinet. FortiGuard Web Filtering sorts hundreds of millions of web pages into a wide range of categories users can allow, block, or monitor. The FortiGate unit accesses the nearest FortiGuard Web Filtering Service Point to determine the category of a requested web page then follows the firewall policy configured for that user or interface.

FortiGuard Web Filtering includes over 60 million individual ratings of web sites applying to hundreds of millions of pages. Pages are sorted and rated into 56 categories users can allow, block, or monitor. Categories may be added to, or updated, as the Internet evolves. To make configuration simpler, users can also choose to allow, block, or monitor entire groups of categories. Blocked pages are replaced with a message indicating that the page is not accessible according to the Internet usage policy.

FortiGuard Web Filtering ratings are performed by a combination of proprietary methods including text analysis, exploitation of the Web structure, and human raters. Users can notify the FortiGuard Web Filtering Service Points if they feel a web page is not categorized correctly, and new sites are quickly rated as required.

URL filter

Allow or block access to specific URLs by adding them to the URL filter list. Add patterns using text and regular expressions (or wildcard characters) to allow or block URLs. The FortiGate unit allows or blocks web pages matching any specified URLs or patterns and displays a replacement message instead.

Note: Enable Web filtering > Web URL Filter in a firewall Protection Profile to activate the URL filter settings.

Note: URL blocking does not block access to other services that users can access with a web browser. For example, URL blocking does not block access to ftp://ftp.example.com. Instead, use firewall policies to deny FTP connections.

About these ads

Written by zecure

January 28, 2010 at 8:05 AM

Posted in Vendor Related

Tagged with

2 Responses

Subscribe to comments with RSS.

  1. I have a case opened with a rep on performing DNS packet blacklisting when a string is within the packet. This is mostly because I do not do scanning of encrypted packets, since not allowing MITMing was decided upon by management (even though I strongly disagree). The target is an interesting case: youtube.com. youtube.com shares public IPs with google.com, so the Fortigate will not ban youtube.com, as it does gmail.com (even when accessed over https).

    Have you had any luck blacklisting via creating an IPS signature to block a DNS lookup pattern?

    mbrownnyc

    June 1, 2012 at 11:09 PM

  2. too bad the web filter report does not actually work on the fortigate 110c

    unhappy

    May 23, 2013 at 8:47 PM


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 208 other followers

%d bloggers like this: