Overriding a web filter profile

1. Enabling web filtering and multiple profiles

Go to System > Config > Features and make sure that Web Filter is turned ON.

Select Show More and enable Multiple Security Profiles.

Apply the changes.

2. Creating a user group and two users

3. Creating a web filter profile and override

Go to Security Profiles > Web Filter and create a new profile (in the example, block-bandwidth-consuming).

Enable FortiGuard Categories, then right-click Bandwidth Consuming and select Block.

Go to Security Profiles > Advanced > Web Profile Overrides and create a new override.

Set Scope Range to User Group, User Group to the web-filter-override group, Original Profile to the block-bandwidth-consuming profile, and New Profile to the default profile.

Set an appropriate Expires time to control how long the override can be used (in the example, 100 hours after the override is created).

4. Adding the new web filter profile to a security policy

Go to Policy & Objects > Policy > IPv4 and edit the policy that allows connections from the internal network to the Internet.

Set Source User(s) to allow both the web-filter-override group and user bwayne.

Under Security Profiles, turn on Web Filter and use the new profile.

5. Results

Browse to blip.tv, a website that is part of the Bandwidth Consuming category.

Authenticate using the bwayne account. The website is blocked.

Go to User & Device > Monitor > Firewall and De-authenticate bwayne.

Browse to blip.tv again, this time authenticating using the ckent account. You can access the website until the override expires.