In this video, you will learn how to use a you Earl filter to block access to a specific website, Facebook. And it's sub domains
when you enable the Ford A Guard categories to allow access to a particular type of content. Such a social networking, you can still prohibit the use of specific websites within that category.
First, go to system dashboard status and verify your 40 guard service is subscription.
If you have an active subscription in the license information, which it, you will see a green check mark beside four to guard Web filtering.
Next, go to Security Profile's Web filter and edit the default Web filter
said inspection mode to proxy
enable four to guard categories. You can set these categories to allow, block, monitor, warn or authenticate, depending on the type of content.
To learn more, go to the fort. A Guard Center's Web filtering rating page at Ford a guard dot com.
Enter a website You Earl to find out it's category rating.
Facebook is in the social networking category
to prohibit visiting one particular social networking site in that category, scroll down and enabled the static Earl
create a new filter and enter the Earl of the website you wish to block
to block also domains of a website set type toe wild card.
Use an asterisk as a wild card character.
Set action to block and set status to enable
Goto policy and objects Policy. SSL inspection To verify your SSL inspection profile settings, you will enable SSL inspection to prevent https access to the Web site you are attempting to block.
Select the certificate inspection profile.
Ensure that see a certificate is set to the default Fortinet C. A s s o proxy
ensure inspection method is set toe SSL certificate inspection To avoid the potential certificate errors that may occur with full SSL inspection.
A naval sshh deep scan
Go to Policy and Objects Policy I p. V. Four and create a new policy that uses the Web filter and SSL inspection profile that you created earlier.
Set the incoming interface to the internal interface.
Set the outgoing interface to the Internet Facing interface
Insure Nat is enabled under Security Profile's enable Web filter and select the default Web filter.
This automatically enables S. S L S S H inspection
Select certificate inspection from the drop down menu
ensure that your policy is at the top of the list. To move your policies, simply click and drag the far left column of the policy.
Open a browser and visit the website that you're attempting to block in this case. Facebook dot com. To ensure that your Web filters successfully blocks http access
afford a guard Web page. Blocked page should appear.
Sub domains of Facebook are also blocked because the wildcard filter was used.
Verify that https access is also blocked by the SSL. As the sage inspection profile that you created,
a Web page blocked page should appear.
Thank you for watching. For more information, you can access Ford in its documentation library at doc's dot Fortinet dot com.