In this example, online gaming will only be allowed from 7-11PM. This includes gaming websites, applications, and consoles.
This example assumes that a general policy allowing connections from the internal network to the Internet has already been configured.
1. Enabling application control, web filtering, and device identification

Go to System > Config > Features and enable both Application Control and Web Filter. Apply your changes.
Go to System > Network > Interfaces and edit your lan interface. Enable Detect and Identify Devices.
2. Configuring application control and web filtering

Go to Security Profiles > Application Control and edit the default policy. Under Categories, select Game, and set the category to Block. Under Options, enable Deep Inspection of Cloud Applications.

Go to Security Profiles > Web Filter and edit the default profile. Enable FortiGuard Categories. Expand the General Interest – Personal category and select the sub-category Games. Set this sub-category to Block.

3. Editing your general policy to block gaming

Go to Policy & Objects > Policy > IPv4 and edit the policy that allows connections from the internal network to the Internet. Set Source Device Type to all device types that will be allowed on your network. Do not include Gaming Consoles. Under Security Profiles, enable both Application Control and Web Filter and set both to use the default profiles. Set SSL/SSH Inspection to deep-inspection.

4. Creating a schedule for when gaming is allowed

Go to Policy & Objects > Objects > Schedules and create a new recurring schedule. Select all Days and set Start Time to Hour 19 (7PM) and Stop Time to Hour 23 (11PM).

5. Creating a policy that allows gaming between 7-11PM

Go to Policy & Objects > Policy > IPv4 and create a new policy that will allow devices on the LAN to have Internet access. Set Schedule to use the new schedule.

Go to System > Dashboard > Status and enter the following in the CLI console, substituting the ID for the new policy. This will make sure that if someone is gaming during the allowed time, their session will be blocked after 11PM.

6. Ordering the policies

Go to Policy & Objects > Policy > IPv4 and order the policies so that the general policy is located below the policy that allows gaming between 7-11PM.
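
The recurring schedule, the session cutoff at 11PM, and the policy ordering described above can also be entered in the FortiOS CLI. This is an added example, not part of the original recipe: the schedule name gaming-evenings and the two policy IDs are placeholders, and schedule-timeout is the policy option that ends sessions accepted by the policy when its schedule stops.

```fortios
# Added example. "gaming-evenings" is a placeholder schedule name.
config firewall schedule recurring
    edit "gaming-evenings"
        set day sunday monday tuesday wednesday thursday friday saturday
        set start 19:00
        set end 23:00
    next
end

# Replace <gaming_policy_id> with the ID of the policy that allows gaming
# and <general_policy_id> with the ID of the general policy.
config firewall policy
    edit <gaming_policy_id>
        set schedule "gaming-evenings"
        # End sessions accepted by this policy when the schedule stops,
        # so a game started at 10:55PM does not keep running past 11PM.
        set schedule-timeout enable
    next
    # Policies are matched top-down: the scheduled policy must sit above
    # the general policy, otherwise the general policy matches first and
    # gaming stays blocked during the allowed hours.
    move <gaming_policy_id> before <general_policy_id>
end
```

Outside the schedule window the scheduled policy is skipped, so traffic falls through to the general policy and its blocking profiles.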
7. Results

During the time that gaming is blocked, attempt to browse to a gaming website, such as Yahoo Games. The site is blocked. Attempt to run an online gaming application, such as Steam. The application will be unable to connect to the Internet.

To view information about this blocked traffic, go to System > FortiView > Applications.

Attempt to connect to the Internet using a gaming console. The console will be unable to connect to the Internet.

Between 7-11PM, you are able to access the website, and all gaming applications and consoles can connect to the Internet.
For further reading, check out the Security Profiles in the FortiOS 5.2 Handbook.
The post Restricting online gaming to evenings appeared first on Fortinet Cookbook.