Web filtering using quotas

November 16, 2016, 7:40 am

≫ Next: Blocking Social Media (Video)

≪ Previous: ISFW and Cooperative Security Fabric (Video)

$

0

0

This recipe demonstrates how to set up a web filter security profile with a quota that dynamically limits the amount of time users on an internal network can access websites categorized as “General Interest.”  

You can also apply quotas to specific users on your network by creating granular policies that apply different quotas to different user groups using specific firewall addresses or needing authentication.

See User and device authentication for information about creating user accounts.

_{Find this recipe for other FortiOS versions
5.2 | 5.4}

1. Enabling web filtering
Go to System > Feature Select and confirm that Web Filter is ON. If necessary, click Apply to make your changes.
2. Creating a web filter profile that uses quotas
Go to Security Profiles > Web Filter. Edit the default profile and enable FortiGuard category based filter.   Right-click on the category General Interest – Personal and select Monitor. Do the same for the category General Interest – Business.   These categories include a variety of sites that are commonly blocked in the workplace, such as games, instant messaging, and social media. For a complete description of each web filtering category, visit the FortiGuard Web Filtering page.
Under Category Usage Quota, select Create New.   Select both General Interest – Personal and General Interest – Business. For testing purposes, set the Quota to 5 Minutes.
The web filter now displays all the General Interest sub-categories and the applied quota.
3. Adding web filtering to a security policy
Go to Policy & Objects > IPv4 Policy and edit the policy that allows connections from the internal network to the Internet. Under Security Profiles, turn on Web Filter and use the default profile. Note: If you are applying quotas to specific users or devices, edit Source Address to apply the policy only to them.
4. Results
Browse to www.ebay.com, a website in the General Interest – Personal category.   Access to the website is allowed for 5 minutes, after which time  a “web page blocked” message appears. The message appears each time users affected by the security policy try to access General Interest sites until the quota is reset (every 24 hours at midnight).
Go to FortiView > Threats and select the 5 minutes view. You can see the blocked traffic.

For further reading, check out Blocking Social Media using FortiGuard Categories, Blocking Facebook with Web Filtering, and FortiGuard Web Filtering Service in the FortiOS 5.4 Handbook.

An active license for FortiGuard Web Filtering Services is required to use web filtering with quotas.

The post Web filtering using quotas appeared first on Fortinet Cookbook.

---

Blocking Social Media (Video)

December 28, 2016, 2:33 pm

≫ Next: Overriding a web filter profile

≪ Previous: Web filtering using quotas

$

0

0

In this video, you’ll learn how to block access to social media websites using FortiGuard categories. You’ll need an active license for FortiGuard Web Filtering services. FortiGuard categories allow you to take action against a group of websites in a certain category. Computers on your internal network will not have access to any websites that are fall into FortiGuard’s social media category. 

The recipe for this video is available here.

Watch more videos

The post Blocking Social Media (Video) appeared first on Fortinet Cookbook.

Overriding a web filter profile

February 7, 2017, 8:36 am

≫ Next: FortiSandbox in the Security Fabric

≪ Previous: Blocking Social Media (Video)

$

0

0

In this recipe, one user is temporarily allowed to override a web filter profile in order to access sites that would otherwise be blocked. Web filtering blocks the Bandwidth Consuming category for all users, except those who can override the filter.

_{Find this recipe for other FortiOS versions:
5.2 | 5.4}

1. Enabling web filtering and multiple profiles
Go to System > Feature Select to enable Web Filter and Multiple Security Profiles. Apply changes if necessary.
2. Creating a user group and two users
Go to User & Device > User Groups. Create a new group for users who can override web filtering (in this example, web-filter-override).
Go to User & Device > User Definition to create two users (in this example, ckent and bwayne).
Assign ckent to the web-filter-override group, but not bwayne.
3. Creating a web filter profile and an override
Go to Security Profiles > Web Filter to create a new profile (block-bandwidth-consuming). Enable FortiGuard category based filter, then right-click Bandwidth Consuming and select Block.
Go to Security Profiles > Web Filter to enable Allow users to override blocked categories. Set Groups that can override to web-filter-override, Profile can switch to default, Switch applies to User Group, and Switch Duration to Ask.
4. Adding the new web filter profile to a security policy
Go to Policy & Objects > IPv4 Policy to edit the policy that allows connections from the internal network to the Internet. Set Source all, bwayne, and web-filter-override. Under Security Profiles, enable Web Filter and select the block-bandwidth-consuming profile.
5. Results
Browse to youtube.com, a website that is part of the Bandwidth Consuming category. Authenticate using the bwayne account. The website is blocked.
Go to Monitor > Firewall User Monitor and De-authenticate bwayne.
Browse to youtube.com again, this time authenticating the ckent account. You can access the website until the override expires.

For further reading, check out the Web Filter chapter in the FortiOS 5.4 Handbook.

The post Overriding a web filter profile appeared first on Fortinet Cookbook.

FortiSandbox in the Security Fabric

April 17, 2017, 7:05 am

≫ Next: Certificate errors for blocked websites

≪ Previous: Overriding a web filter profile

$

0

0

In this recipe, you will add a FortiSandbox to your Security Fabric and configure each FortiGate in the fabric to send suspicious files to FortiSandbox for Sandbox Inspection. These files will be scanned and tested in isolation from your network on the FortiSandbox .

This example uses the Security Fabric configuration created in the recipe Security Fabric installation. The FortiSandbox will connect to the root FortiGate in the fabric, known as External. There will be two connections between the devices:

• FortiSandbox port 1 (administration port) connects to External port 16
• FortiSandbox port 3 (VM outgoing port) connects to External port 13

_{Find this recipe for other FortiOS versions
5.4 | 5.6}

1. Running a Security Fabric Audit without using FortiSandbox
On External (the root FortiGate of the Security Fabric), go to Log & Report > Security Fabric Audit. Run an Audit for your Security Fabric.
Since you are not using FortiSandbox, your Security Fabric will fail the Advanced Threat Protection check and you Security Score will decrease by 30 points for each FortiGate in the Fabric.
2. Connecting the FortiSandbox and External
On the FortiSandbox, go to Network > Interfaces and configure port 1. This port will be used for communication between the FortiSandbox and your security fabric. Set the IP/Network Mask to an internal IP address. In this example, the FortiSandbox will connect to the same subnet as a previously installed FortiAnalyzer, using the IP address 192.168.55.20.
Go to Network > Interfaces and configure port 3. This port will be used for outgoing communication by the FortiSandbox’s Virtual Machines (VMs). It is recommended to connect this port to a dedicated interface on your FortiGate to protect the rest of the network from threats currently being investigated by the FortiSandbox. Set the IP/Network Mask to an internal IP address (in the example, 192.168.179.10/255.255.255.0).
On the FortiSandbox, go to Network > System Routing and add a static route for port 1. Set Gateway to the IP of the FortiGate interface that port 1 connects to (in the example, 192.168.55.2).
On External, go to Network > Interfaces and port 13. Set IP/Network Mask to an address on the same subnet as port 3 (in the example, 192.168.179.2/255.255.255.0)
FortiSandbox port 3 must be able to connect to the Internet. On the FortiGate, go to Policy & Objects > IPv4 Policy and create a policy allowing connections from the FortiSandbox to the Internet.
If you haven’t already done so, connect the FortiSandbox to your security fabric as shown in the diagram.
3. Activating the FortiSandbox VMs
On the FortiSandbox, go to Scan Policy > General. Enable Allow Virtual Machines to access external network through outgoing port3 and set Gateway to the IP address of the FortiGate port 13.
Wait for the FortiSandbox to confirm that it has access to the Internet. Once this occurs, it will start to activate and initialize the Microsoft Windows VM and the Microsoft Office VM. Go to the Dashboard and locate the System Information widget. When the VMs are ready to go, green checkmarks will appear beside them.
4. Adding the FortiSandbox to the Security Fabric
On External, go to System > Security Fabric. Enable Sandbox Inspection. Make sure FortiSandbox Appliance is selected and set Server to the IP address of the FortiSandbox’s port 1.
Select Test Connectivity. An error message appears because External has not been authorized on the FortiSandbox.
On the FortiSandbox, go to Scan Input > Device. External is listed but shown as unauthorized.
Select the Edit button located beside External’s name. Under Permissions and Policies, select Authorized.
On External, go to System > Security Fabric and test the Sandbox Inspection connectivity again. External is now connected to the FortiSandbox.
Repeat these steps for the other FortiGates in the Security Fabric.
5. Adding Sandbox Inspection to AntiVirus, Web Filter, and FortiClient Profiles
Sandbox Inspection can be applied to three security profiles: AntiVirus, Web Filter, and FortiClient Profiles. In this step, Sandbox Inspection should be added on all FortiGates in the fabric individually, using the profiles that each FortiGate applies to traffic.
Go to Security Profiles > AntiVirus and edit the default profile. Under Inspection Options, set Send Files to FortiSandbox Application for Inspection to All Supported Files.
Enable Use FortiSandbox Database, so that if FortiSandbox discovers a threat, a signature for that file is added to the FortiGate’s AntiVirus signature database.
Go to Security Profiles > Web Filter and edit the default profile. Under Static URL Filter, enable Block malicious URLS discovered by FortiSandbox.
If the FortiSandbox discovers a threat, the URL that threat came from will be added to the list of URLs that will be blocked by the FortiGate.
Go to Security Profiles > FortiClient Profiles and edit the default profile. Enable Security Posture Check.  Enable Realtime Protection and Scan with FortiSandbox.
6. Results
If your FortiGate discovers a suspicious file, it will now be sent to the FortiSandbox. To view information about the files that have been sent on the FortiGate, go to the Dashboard and locate the Advanced Thread Protection Statistics widget, which shows files scanned by both the FortiGate and FortiSandbox.
You can also view results on the FortiSandbox by going to System > Status and viewing the Scanning Statistics widget.
On External, go to Log & Report > Security Fabric Audit and run an Audit. When it is finished, select the All Results view.
Your Fabric has passed the Advanced Threat Protection check and your Security Score has improved.

• Was this helpful?
• Yes   No

In order to pass this check, all FortiGates must have Sandbox Inspection added to an AntiVirus profile.

The post FortiSandbox in the Security Fabric appeared first on Fortinet Cookbook.

Certificate errors for blocked websites

June 1, 2017, 11:02 am

≫ Next: Blocking Facebook

≪ Previous: FortiSandbox in the Security Fabric

$

0

0

Avoiding certificate errors when SSL inspection is applied to traffic is an in-demand topic. There are a number of methods that you can use to prevent these warnings: installing self-signed certificates on client devices, using a certificate signed by a trusted CA, or using the certificate-inspection profile for SSL inspection. However, for all of these methods, certificate errors can still occur when you’ve blocked access to a page using web filtering and the FortiGate attempts to display a replacement message for that site using HTTPS.

This error occurs because, by default, the FortiGate does not use the same certificate for SSL inspection and the encryption of the replacement messages. To avoid these errors, you should first determine which certificate your FortiGate uses for replacement messages using the CLI. The command differs depending on which version of FortiOS you are using:

FortiOS 5.2 and earlier:

config webfilter fortiguard
# get 
cache-mode : ttl 
cache-prefix-match : enable 
cache-mem-percent : 2 
ovrd-auth-port-http : 8008 
ovrd-auth-port-https: 8010 
ovrd-auth-port-warning: 8020 
ovrd-auth-https : enable 
warn-auth-https : enable 
close-ports : disable 
request-packet-size-limit: 0 
ovrd-auth-hostname : 
ovrd-auth-cert : Fortinet_Firmware

The certificate Fortinet_Firmware is used by default. To avoid errors, you can either change this certificate to the certificate used for SSL inspection or you can install this certificate on all client devices. Which solution you choose depends on your own environment and what certificates you are already using.

FortiOS 5.4 and later:

config user setting 
# get
auth-type : http https ftp telnet 
auth-cert : Fortinet_Factory 
auth-ca-cert : 
auth-secure-http : disable 
auth-http-basic : disable 
auth-timeout : 5 
auth-timeout-type : idle-timeout 
auth-portal-timeout : 3 
radius-ses-timeout-act: hard-timeout 
auth-blackout-time : 0 
auth-invalid-max : 5 
auth-lockout-threshold: 3 
auth-lockout-duration: 0 
auth-ports:

The certificate Fortinet_Factory is used by default. To avoid errors, you can either change this certificate to the certificate used for SSL inspection or you can install this certificate on all client devices. Which solution you choose depends on your own environment and what certificates you are already using.

For more information about SSL inspection and certificate errors, see the following resources:

• Preventing certificate warnings (5.2 | 5.4)
• Why you should use SSL inspection

The post Certificate errors for blocked websites appeared first on Fortinet Cookbook.

Blocking Facebook

November 13, 2017, 6:35 am

≫ Next: Web and DNS filter troubleshooting

≪ Previous: Certificate errors for blocked websites

$

0

0

This recipe explains how to block access to Facebook on your network with a Web Filter security profile and an Application Control security profile. This recipe works on FortiGates operating in flow-based profile inspection mode or proxy-based inspection mode.

You will need a WiFi network configured on your FortiGate. See Setting up WiFi with a FortiAP or Setting up a WiFi Bridge with a FortiAP.

_{Find this recipe for other FortiOS versions:
5.2 | 5.4 | 5.6}

1. Enable Web Filtering and Application Control
Go to System > Feature Visibility to enable the Web Filter and Application Control features.
2. Edit the default Web Filter profile
Go to Security Profiles > Web Filter and edit the default profile. To block Facebook, go to Static URL filter, enable URL Filter, and then click + Create.
Set URL to *facebook.com. Set Type to Wildcard, set Action to Block, and set Status to Enable.
3. Edit the default Application Control profile
Go to Security Profiles > Application Control and edit the default profile. To block Facebook, go to Application Overrides and click on + Add Signatures.
Click  Add Filter. Select Name and enter Facebook to reveal a list of all the signatures for Facebook applications. Select all the signatures and click Use Selected Signatures.
Confirm that the Action is set to Block for each of the Facebook application signatures and select Apply.
4. Create the security policy
Go to Policy & Objects > IPv4 Policy, and click + Create New. Give the policy an identifying name. In this example, blocking-facebook. Set Incoming Interface to the internal network and set Outgoing Interface to the Internet-facing interface. Enable NAT.
Under Security Profiles, enable Web Filter and Application Control. Select the default web filter and application control profiles. Once you select those profiles, SSL/SSH Inspection is enabled by default. If you are using proxy-based inspection mode, then Proxy Options will also be enabled by default. To inspect all traffic, SSL/SSH inspection must be set to deep-inspection profile.
The new policy must be first on the list in order to be applied to Internet traffic. Confirm this by viewing policies By Sequence. To move a policy up or down, click and drag the far-left column of the policy.
If your FortiAP is configured in tunnel mode, you will need to edit the wireless policy and apply the web filter and application control security profiles to that policy.
5. Results
Visit facebook.com. HTTPS is automatically applied to facebook.com, even if it is not entered in the address bar. A Web Page Blocked! message appears.  A FortiGuard warning message will appear, stating that the application was blocked.
Visit a subdomain of Facebook, for example, attachments.facebook.com. A Web Page Blocked! message appears, blocking the subdomain.
Using a mobile device, or any device that has the Facebook app installed, ensure that you are connected to the Internet. Open the Facebook app and login. You should not be able to connect.
Go to Log & Report > Web Filter. You will see that facebook.com and attachments.facebook.com are blocked by the FortiGate.
Go to Log & Report > Application Control. You will see that the Facebook application is blocked by the FortiGate.

For further reading, check out Static URL Filter and Application Control in the FortiOS 5.6 Handbook.

Using the deep-inspection profile may cause certificate errors. See Preventing certificate warnings for more information.

Application Control uses flow-based inspection; if you apply an additional security profile to your traffic that is proxy-based, the connection will simply timeout rather than display the warning message. However, Application Control will still function.

The post Blocking Facebook appeared first on Fortinet Cookbook.

Web and DNS filter troubleshooting

January 23, 2018, 10:50 am

≫ Next: FortiSandbox in the Security Fabric

≪ Previous: Blocking Facebook

$

0

0

This section contains tips to help you with some common challenges of FortiGate web and DNS filtering.

The Web Filter menu is missing

Go to Feature Select/Feature Visibility and enable Web Filter.

You cannot create new web filter profiles

Go to Feature Select/Feature Visibility and enable Multiple Security Profiles.

You configured web filtering, but it is not working

Verify that Web Filter is enabled in a policy and SSL Inspection has been applied as needed (SSL inspection is required in order to block traffic to sites that use HTTPS). If both settings are enabled, verify that the policy is being used for the correct traffic and that traffic is flowing by going to the policy list and viewing the Sessions column.

If all this is correct, verify that proxy options and SSL/SSH inspection settings have both HTTP and HTTPS enabled and use the correct ports.

You configured DNS Filtering, but it is not working

Verify that DNS Filter is enabled in a policy. If both settings are enabled, verify that the policy is being used for the correct traffic and that traffic is flowing by going to the policy list and viewing the Sessions column. 

If all this is correct, verify that DNS requests are going through the policy, rather than to an internal DNS server.

FortiGuard has the wrong categorization for a website

If you believe a website has been placed in the wrong category by FortiGuard, you can submit the URL for re-classification by going to the FortiGuard website.

The website categorization on your FortiGate does not match the FortiGuard categorization

Verify that you entered the entire URL of the website, not just the domain name. Also verify that you have not used a web rating override to change the local  website categorization.

If the categorizations still do not match, verify whether your web filter profile has the option to Rate URLs by domain and IP Address enabled. If this option is enabled, the categorization could be different if the IP address that the URL resolves to has a different rating than the URL itself.

An active FortiGuard web filter license displays as expired/unreachable

If this occurs, verify that web filtering is enabled in one of your security policies. FortiGuard services will sometimes show as expired those services are not actively used.

If web filtering is enabled in a policy, go to your FortiGuard settings and expand Web Filtering. Under Port Selection, select Use Alternate Port (8888). Select Apply to save the changes. Verify whether the license is shown as active. If it is still inactive/expired, switch back to the default port and verify again.

Go to the DNS settings to verify that your FortiGate is pointing to appropriate DNS servers and can resolve and reach FortiGuard at service.fortiguard.net. If you can reach this service, you can then verify the connection to FortiGuard servers by running the command diagnose debug rating. This displays a list of FortiGuard IP gateways you can connect to, as well as the following information:

• Weight: Based on the difference in time zone between the FortiGate and this server
• RTT: Return trip time
• Flags: D (IP returned from DNS), I (Contract server contacted), T (being timed), F (failed)
• TZ: Server time zone
• Curr Lost: Current number of consecutive lost packets
• Total Lost: Total number of lost packets

Using URL Filters in conjunction with FortiGuard Categories is not working

Web filtering inspection is applied in the following order:

1. URL filters
2. FortiGuard category filtering
3. Advanced filters (ex. safe search or removing Active X components)

Because of this order, a URL can trigger two matches: first, for a URL filter with Action set to Allow, and the a second for a blocked FortiGuard Category. This results in the website being blocked. To avoid this, set Action to Exempt to bypass further web filter inspection of that URL.

You can control which scans that you wish to exempt the URL from in the CLI:

config webfilter urlfilter
  edit <id>
  config entries
    edit <id>
    set exempt {av | web-content | activex-java-cookie | dlp | fortiguard | range-block | pass | all}

 

The post Web and DNS filter troubleshooting appeared first on Fortinet Cookbook.

FortiSandbox in the Security Fabric

March 29, 2018, 12:00 am

≫ Next: Blocking adult/mature content with Google SafeSearch

≪ Previous: Web and DNS filter troubleshooting

$

0

0

In this recipe, you will add a FortiSandbox to your Security Fabric and configure each FortiGate in the network to send suspicious files to FortiSandbox for sandbox inspection. The FortiSandbox scans and tests these files in isolation from your network.

This recipe is in the Security Fabric Collection. You can also use it as a standalone recipe.

This example uses the Security Fabric configuration created in the Security Fabric collection recipe. The FortiSandbox connects to the root FortiGate in the Security Fabric, known as External. There are two connections between the devices:

• FortiSandbox port 1 (administration port) connects to Edge port 16
• FortiSandbox port 3 (VM outgoing port) connects to Edge port 13

If possible, you can also use a separate Internet connection for FortiSandbox port 3, rather than connecting through the Edge FortiGate to use your main Internet connection. This configuration avoids having IP addresses from your main network blacklisted if malware that’s tested on the FortiSandbox generates an attack. If you use this configuration, you can skip the steps listed for FortiSandbox port 3.

_{Find this recipe for other FortiOS versions
5.4 | 5.6 | 6.0}

1. Checking the Security Rating results before installing the FortiSandbox
On Edge (the root FortiGate in the Security Fabric), go to Security Fabric > Security Rating. Since you haven’t yet installed a FortiSandbox in your network, the Security Fabric fails the Advanced Threat Protection check. In the example, the Security Rating Score decreases by 30 points for each of the four FortiGates in the Security Fabric.
2. Connecting the FortiSandbox and Edge
Connect to the FortiSandbox. To edit port1, which is used for communication between the FortiSandbox and the rest of the Security Fabric, go to Network > Interfaces. Set IP Address/Netmask to an internal IP address. In this example, the FortiSandbox connects to the same subnet as the FortiAnalyzer that you installed previously, using the IP address 192.168.65.20.
Edit port3. This port is used for outgoing communication by the virtual machines (VMs) running on the FortiSandbox. It’s recommended that you connect this port to a dedicated interface on your FortiGate to protect the rest of the network from threats that the FortiSandbox is currently investigating. Set IP Address/Netmask to an internal IP address (in the example, 192.168.179.10/255.255.255.0).
To add a static route, go to Network > System Routing. Set Gateway to the IP address of the FortiGate interface that port 1 connects to (in the example, 192.168.65.2).
Connect to Edge. To configure the port that connects to port3 on the FortiSandbox (in the example, port13), go to Network > Interfaces. Set IP/Network Mask to an address on the same subnet as port 3 on the FortiSandbox (in the example, 192.168.179.2/255.255.255.0)
Connect the FortiSandbox to the Security Fabric.
3. Allowing VM Internet access
Connect to Edge. To create a policy that allows connections from the FortiSandbox to the Internet, go to Policy & Objects > IPv4 Policy.
Connect to FortiSandbox. Go to Scan Policy > General and select Allow Virtual Machines to access external network through outgoing port3. Set Gateway to the IP address of port 13 on the FortiGate.
Go to the Dashboard and locate the System Information widget. Verify that VM Internet Access has a green checkmark beside it.
4. Adding the FortiSandbox to the Security Fabric
Connect to Edge. To add FortiSandbox to the Security Fabric, go to Security Fabric > Settings. Enable Sandbox Inspection. Make sure FortiSandbox Appliance is selected and set Server to the IP address of port 1 on the FortiSandbox.
Select Test Connectivity. An error message appears because Edge hasn’t been authorized on the FortiSandbox.
Edge, as the root FortiGate, pushes FortiSandbox settings to the other FortiGates in the Security Fabric. To verify this, connect to Accounting and go to Security Fabric > Settings.
On the FortiSandbox, go to Scan Input > Device. The FortiGates in the Security Fabric (Edge, Accounting, Marketing, and Sales) are listed but the Auth column indicates that the devices are unauthorized.
Select and edit Edge. Under Permissions & Policies, select Authorized. Repeat this for the other FortiGates.
On Edge, go to Security Fabric > Settings and test the Sandbox Inspection connectivity again. External is now connected to the FortiSandbox.
5. Adding sandbox inspection to Antivirus, Web Filter, and FortiClient profiles
You can apply sandbox inspection with three types of security inspection: antivirus, web filter, and FortiClient compliance profiles. In this step, you add sandbox to all FortiGate devices in the Security Fabric individually, using the profiles that each FortiGate applies to network traffic. In order to pass the Advanced Threat Protection check, you must add sandbox inspection to antivirus profiles for all FortiGate devices in the Security Fabric.
Go to Security Profiles > AntiVirus and edit the default profile. Under Inspection Options, set Send Files to FortiSandbox Appliance for Inspection to All Supported Files.
Enable Use FortiSandbox Database, so that if the FortiSandbox discovers a threat, it adds a signature for that file to the antivirus signature database on the FortiGate.
Go to Security Profiles > Web Filter and edit the default profile. Under Static URL Filter, enable Block malicious URLs discovered by FortiSandbox.
If the FortiSandbox discovers a threat, the URL that threat came from is added to the list of URLs that are blocked by the FortiGate.
Go to Security Profiles > FortiClient Compliance Profiles and edit the default profile. Enable Security Posture Check. Enable Realtime Protection and Scan with FortiSandbox.
6. Results
If a FortiGate in the Security Fabric discovers a suspicious file, it sends the file to the FortiSandbox.
You can view information about scanned files on either the FortiGate that sent the file or the FortiSandbox. On one of the FortiGate devices, go to the Dashboard and locate the Advanced Threat Protection Statistics widget. This widget shows files that both the FortiGate and FortiSandbox scan.
On the FortiSandbox, go to System > Status and view the Scanning Statistics widget for a summary of scanned files. You can also view a timeline of scanning in the File Scanning Activity widget.
On Edge, go to Security Fabric > Security Rating and run a rating. When it is finished, select the All Results view.
In the example, all four FortiGate devices in the Security Fabric pass the Advanced Threat Protection check and the Security Rating Score increases by 9.7 points for each FortiGate.

For further reading, check out Overview of sandbox inspection in the FortiOS 6.0 Online Help.

The post FortiSandbox in the Security Fabric appeared first on Fortinet Cookbook.

---

Blocking adult/mature content with Google SafeSearch

June 11, 2015, 12:45 pm

≫ Next: Blocking Facebook while allowing Workplace by Facebook

≪ Previous: FortiSandbox in the Security Fabric

$

0

0

In this recipe, you will use FortiGate web filtering to ensure that SafeSearch is applied to all Google search results. You will also block access to websites in the adult/mature content FortiGuard category for all network users. This recipe requires an active FortiGuard web filtering licence. Watch the video 1. Enabling web filtering Go to...

The post Blocking adult/mature content with Google SafeSearch appeared first on Fortinet Cookbook.

Blocking Facebook while allowing Workplace by Facebook

October 26, 2018, 11:55 am

≫ Next: Fortinet Stories Episode 2: FortiGuard

≪ Previous: Blocking adult/mature content with Google SafeSearch

$

0

0

In this recipe, you block access to Facebook using web filtering, while making an exception to allow access to Workplace by Facebook. 1. Creating a web filter profile To make sure the features you need are available in the GUI, go to System > Feature Visibility. Under Security Features, enable Web Filter. Under Additional Features,...

The post Blocking Facebook while allowing Workplace by Facebook appeared first on Fortinet Cookbook.

Fortinet Stories Episode 2: FortiGuard

June 25, 2015, 7:31 am

≫ Next: Web rating overrides (Video)

≪ Previous: Blocking Facebook while allowing Workplace by Facebook

$

0

0

In this episode of Fortinet Stories, Nathan gets connected to FortiGuard and finds out how easy it is to secure his network. Recipes included in this video:  Registration/FortiGuard Basic Firewall Setup Web Filtering Application Control Watch more videos

Web rating overrides (Video)

July 14, 2015, 8:24 am

≫ Next: Blocking adult content with SafeSearch (Video)

≪ Previous: Fortinet Stories Episode 2: FortiGuard

$

0

0

In this video, you will learn how to override a website’s FortiGuard Category rating. FortiGuard Categories are up-to-date lists of websites, which you can use to easily filter certain types of content. By overriding a site’s web rating, you can block a website that is in an allowed category, or allow a website that is...

Blocking adult content with SafeSearch (Video)

July 15, 2015, 8:03 am

≫ Next: Protection from Botnet C&C attacks

≪ Previous: Web rating overrides (Video)

$

0

0

In this video, you will use FortiGate web filtering to apply SafeSearch to all Google results and also block access to websites in the adult/mature content FortiGuard category. In order to block encrypted traffic, you will also either use full SSL inspection or change your network’s DNS settings. By doing this, you can make sure...

Protection from Botnet C&C attacks

December 22, 2015, 6:51 am

≫ Next: Sandboxing with FortiSandbox and FortiClient

≪ Previous: Blocking adult content with SafeSearch (Video)

$

0

0

This recipe uses a new FortiGuard feature: the Botnet C&C (command and control) database to protect your network from Botnet C&C attacks. For this recipe, you will create a new DNS Filter Profile called Botnet&Facebook, block access to all known C&C addresses, and block access to the Social Networking FortiGuard category. In addition, you will...

Sandboxing with FortiSandbox and FortiClient

December 22, 2015, 6:54 am

≫ Next: Exempting Websites from SSL Deep Inspection (Video)

≪ Previous: Protection from Botnet C&C attacks

$

0

0

In this recipe, you will set up sandboxing to send suspicious files to a FortiSandbox Appliance for further inspection. The FortiSandbox scans for threats that can get past other detection methods, using Windows virtual machines (VMs) to test suspicious files in isolation from your network. You will also configure your FortiGate to automatically receive signature...

---

Exempting Websites from SSL Deep Inspection (Video)

February 12, 2016, 12:00 pm

≫ Next: Blocking Facebook with Web Filtering

≪ Previous: Sandboxing with FortiSandbox and FortiClient

$

0

0

In this video, you will learn how to exempt specific websites from SSL Deep Inspection. Exempting a website from SSL Inspection allows a user’s browser to access it without errors, as deep inspection can prevent certain sites from functioning, and can cause some sites to produce certificate errors. You should only exempt websites that you...

Blocking Facebook with Web Filtering

February 23, 2016, 12:00 pm

≫ Next: Basic Firewall Policies (Video)

≪ Previous: Exempting Websites from SSL Deep Inspection (Video)

$

0

0

This recipe explains how to use a static URL filter to block access to Facebook and its subdomains. By using SSL inspection, you ensure that Facebook and its subdomains are also blocked when accessed through HTTPS.   Watch the video   Find this recipe for other [glossary_exclude]FortiOS[/glossary_exclude] versions: 5.2 | 5.4 | 5.6 1. Enabling...

Basic Firewall Policies (Video)

February 29, 2016, 8:53 am

≫ Next: Blocking Facebook with Web Filtering (Video)

≪ Previous: Blocking Facebook with Web Filtering

$

0

0

In this video, you will learn how to create and order multiple security policies in the policy table, to control and limit different types of network traffic. You will create three policies: a basic Internet access policy, which allows users in the internal network to access the internet; a restrictive Mobile policy, allowing users to...

Blocking Facebook with Web Filtering (Video)

March 22, 2016, 11:14 am

≫ Next: Adding Endpoint Control to the Security Fabric

≪ Previous: Basic Firewall Policies (Video)

$

0

0

In this video, you will learn how to block access to Facebook and its subdomains using web filtering. To do this, you will create a static URL filter for facebook.com. You will also use SSL inspection, to make sure that encrypted traffic to Facebook is also blocked. The recipe for this video is available here....

Adding Endpoint Control to the Security Fabric

June 7, 2016, 10:13 pm

≫ Next: Installing internal FortiGates and enabling Security Fabric

≪ Previous: Blocking Facebook with Web Filtering (Video)

$

0

0

In this example, you will use endpoint control on an ISFW FortiGate that is part of a Cooperative Security Fabric (CSF). To do this, you will create a FortiClient Profile that only allows traffic from compliant devices to flow through the FortiGate. The FortiClient Profile will also enforce the use of AntiVirus, Web Filtering, and...