Fortigate How-To: Basic Web Filtering

I’m going to deploy basic web filtering on a FortiGate VM in AWS.

VPC Diagram


Basic Setup

The basic procedure for deploying a FortiGate in AWS can be found here.


Web Filtering

System > Settings > System Operation Settings

  • Inspection Mode … This determines how packets are processed. Proxy Mode inspects deeper into each packet but is slower. I use Proxy Mode here.
  • NGFW Mode … This determines how security policies are configured. I prefer “Profile-based” because I can re-use the same profiles across multiple policies. Note that this option is not available if you select Proxy Mode; Proxy Mode uses Profile-based anyway.


Security Profiles > Web Filter

The default profile is acceptable in most cases, but it is sometimes too restrictive (e.g. YouTube is blocked). In most deployments some URLs also need to be whitelisted so that they are never blocked by mistake, which is done in the URL Filter section of the profile.


Now we can test the basic function; let’s create the policy.

Policy & Objects > IPv4 Policy

Here, port1 is the interface connected to external-1, and port2 is the interface connected to internal-1.
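The same three steps (operation settings, URL Filter whitelist attached to the Web Filter profile, and the IPv4 policy from port2 to port1) expressed in FortiOS CLI, as an added example that is not part of the original post. It assumes a FortiOS 6.0-style configuration, where Inspection Mode and NGFW Mode are global settings as in the GUI path above; the object names, the whitelist URL, the service list and the use of the built-in "default" and "certificate-inspection" profiles are assumptions.

```fortios
# System operation settings (System > Settings > System Operation Settings).
# Proxy mode forces profile-based NGFW mode, as noted above.
config system settings
    set inspection-mode proxy
    set ngfw-mode profile-based
end

# URL Filter list. Entries are matched before category ratings, so a
# whitelisted host is never blocked by a category by mistake.
# "www.example.com" is a placeholder host, not from the original post.
config webfilter urlfilter
    edit 1
        set name "allow-list"
        config entries
            edit 1
                set url "www.example.com"
                set type simple
                set action allow
                set status enable
            next
        end
    next
end

# Attach the URL Filter list to the default Web Filter profile
# (Security Profiles > Web Filter).
config webfilter profile
    edit "default"
        config web
            set urlfilter-table 1
        end
    next
end

# IPv4 policy: internal-1 (port2) out to external-1 (port1) with the
# Web Filter profile applied. certificate-inspection lets the FortiGate
# rate HTTPS sites from the SNI/certificate without decrypting them; the
# block page it then serves for an HTTPS site carries the FortiGate's own
# certificate, which is why Chrome shows a certificate error instead of
# the "Blocked" message.
config firewall policy
    edit 1
        set name "internal-to-internet"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS" "DNS"
        set utm-status enable
        set webfilter-profile "default"
        set ssl-ssh-profile "certificate-inspection"
        set logtraffic all
        set nat enable
    next
end
```

Two points worth checking against your own unit: on FortiOS 6.2 and later the global inspection-mode setting no longer exists and inspection mode is set per policy instead, so only the `config system settings` block changes; and in the URL Filter, `allow` permits the URL while the rest of the profile still inspects the traffic, whereas `exempt` skips further web filtering for that URL entirely, so `allow` is the safer choice for a whitelist.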

And here is the web browsing test from the Windows VM.

We can browse the internet. Now let’s try another website that is supposed to be blocked.

Hmm, it is blocked. But the error page looks misleading. This is because the FortiGate is trying to show the resulting error page (which says Blocked), but Chrome finds that the page carries an invalid certificate and blocks that “Blocked” message from being shown.

I’m going to fix this in the next article.