I’m going to deploy basic web filtering on Fortigate VM@AWS.
Basic procedure to deploy Fortigate in AWS can be found here.
Systems > Settings > System Operation Settings
- Inspection Mode … This is how packet is being processed. Basically Proxy Mode looks deeper in the packet but slower. I use Proxy Mode here.
- NGFW Mode … This is how we are going to configure security policies. I prefer “Profile-based” as I can re-use those profile for multiple policies. Note that this option is not available if you select Proxy Mode, and it uses Profile-based anyway.
Security&Profiles > Web Filter
Usually default is acceptable in most cases. But it is sometimes too restrictive(eg. YouTube is blocked). And most of the cases, some URLs needs to be whitelisted so that it wouldn’t be blocked by any mistake, which can be achieved in URL Filter.
Now we can test the basic function, let’s make the policy.
Policy&Object > IPv4 Policy
Here, port1 is the interface connecting to external-1, and port2 is connecting to internal-1.
And here is the web browsing test from WindowsVM.
We can browse the internet. Then let’s try other website which is supposed to be blocked.
mmm, it is blocked. But the error page looks misleading. This is because Fortigate is trying to show the resulting(which says Blocked) error page, but Chrome finds the page contains invalid certificate and blocked that “Blocked” message from showing.
I’m going to fix this in the next article.