Blocking Facebook


In this example, you will learn how to configure a FortiGate to prevent access to a specific social networking website, including its subdomains, by means of a static URL filter.

When you allow access to a particular type of content, such as the FortiGuard Social Networking category, there may still be certain websites in that category that you wish to prohibit. By using SSL inspection, you ensure that this website is also blocked when it is accessed over HTTPS.


1. Verifying FortiGuard Services subscription

Go to System > Dashboard > Status. In the License Information widget, verify that you have an active subscription to FortiGuard Web Filtering. If you have a subscription, the service will have a green checkmark beside it.

2. Editing the Web Filter profile

Go to Security Profiles > Web Filter and edit the default Web Filter profile.

Set Inspection Mode to Proxy.

Enable the FortiGuard Categories that allow, block, monitor, warn or authenticate websites, depending on the type of content.
Under FortiGuard Categories, go to General Interest – Personal. Right-click on the Social Networking subcategory and ensure it is set to Allow.
To prohibit visiting one particular social networking site in that category, go to Static URL filter, select Enable URL Filter, and then click Create New.
For your new web filter, enter the URL of the website you are attempting to block. If you want to block all of the subdomains for that website, omit the protocol in the URL and enter an asterisk (*). For this example, enter:*

Set Type to Wildcard, set Action to block, and set Status to Enable.
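
As an added illustration (not part of the original recipe and not Fortinet code), the script below models which hostnames a wildcard entry of this form covers, so you can build a test list before checking the results. It assumes that * matches any run of characters, as in a shell glob, and that only the hostname is compared; example.com and the sample hosts are constructed placeholders for the site being blocked.

```python
import re

def wildcard_to_regex(pattern):
    """Translate a wildcard entry into an anchored, case-insensitive regex.
    Assumption: '*' matches any run of characters; everything else is literal."""
    parts = (re.escape(p) for p in pattern.split("*"))
    return re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)

def normalize(host):
    """Lower-case the host and drop a port and trailing dot, if present."""
    return host.strip().lower().split(":")[0].rstrip(".")

def classify(pattern, domain, host):
    """Return 'intended', 'over-match', 'missed' or 'unaffected' for one host."""
    host = normalize(host)
    matched = bool(wildcard_to_regex(pattern).match(host))
    # In scope means the bare domain itself or a true subdomain of it.
    in_scope = host == domain or host.endswith("." + domain)
    if matched:
        return "intended" if in_scope else "over-match"
    return "missed" if in_scope else "unaffected"

def audit(pattern, domain, hosts):
    """Map each test host to its classification for the given entry."""
    return {h: classify(pattern, domain, h) for h in hosts}

# Constructed sample hosts; example.com stands in for the site being blocked.
SAMPLE_HOSTS = [
    "example.com", "www.example.com", "m.login.example.com",
    "WWW.EXAMPLE.COM:443", "notexample.com", "example.com.other.test",
    "example.org",
]

if __name__ == "__main__":
    # Compare the leading-asterisk form with the dotted form.
    for pattern in ("*example.com", "*.example.com"):
        print(pattern)
        for host, verdict in audit(pattern, "example.com", SAMPLE_HOSTS).items():
            print(f"  {host:26} {verdict}")
```

Under these assumptions the leading-asterisk form covers the bare domain and every subdomain but also catches unrelated domains whose names merely end in the same string, while the dotted form avoids that and misses the bare domain.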


3. Creating a security policy

Go to Policy & Objects > Policy > IPv4, and click Create New.

Set the Incoming Interface to allow packets from your internal network and set the Outgoing Interface to proceed to the Internet-facing interface (typically wan1).

Enable NAT.

Under Security Profiles, enable Web Filter and select the default web filter.
This automatically enables SSL/SSH Inspection. Select certificate-inspection from the dropdown menu. This profile allows the FortiGate to inspect and apply web filtering to HTTPS traffic.
After you have created your new policy, ensure that it is at the top of the policy list. To move your policy up or down, click and drag the far left column of the policy.

4. Results

Visit the following sites to verify that your web filter is blocking websites ending in

A FortiGuard Web Page Blocked! page should appear.

Visit to verify that HTTPS protocol is blocked.

A Web Page Blocked! page should appear.

For further reading, check out Static URL Filter in the FortiOS 5.2 Handbook.

Learn more about FortiGuard Categories at the FortiGuard Center web filtering rating page: