Blocking social media websites using FortiGuard categories

Illustration of process of using FortiGuard to block access to social media websites

This recipe explains how to block access to social media websites using FortiGuard categories. An active license for FortiGuard Web Filtering service is required.

Web filtering with FortiGuard categories allows you to take action against a group of websites, whereas a Static URL Filter is intended to block or monitor specific URLs. Consult this blog post to determine whether to use FortiGuard categories or a Static URL Filter to control your internal network’s access to websites.

If you wish to use a static URL filter to block access to a website and its subdomains, follow the example described in Blocking Facebook with Web Filtering.


1. Enabling the Web Filter feature

Go to System > Feature Select and confirm that the Web Filter feature is enabled.

Enable Web Filter feature

2. Editing the default Web Filter profile

Go to Security Profiles > Web Filter and edit the default Web Filter profile. Confirm that the FortiGuard category based filter is enabled.

 Edit web filter security profile; enable FortiGuard category filter

Right-click on the General Interest – Personal FortiGuard category. Scroll down to the Social Networking subcategory and right-click again. Select Block.

 Block social networking category

3. Adding the Web Filter profile to the Internet access policy

Go to Policy & Objects > IPv4 Policy, and click Create New. Give the policy a name that identifies its use.

Set Incoming Interface to the internal network and set Outgoing Interface to the Internet-facing interface.

Enable NAT.

 Create IPv4 security policy

Under Security Profiles, enable Web Filter and select the default web filter profile. 

Enable SSL/SSH Inspection and select certificate-inspection from the dropdown menu. This allows the FortiGate to apply web filtering to HTTPS traffic.

Edit IPv4 security policy

In order to be applied to Internet traffic, the new policy has to be higher in the policy sequence than any other policy that could manage the same traffic. Confirm this under Policy & Objects > IPv4 Policy by viewing policies By Sequence.

To move a policy up or down, click and drag the far-left column of the policy.

Move IPv4 policy to top of list

4. Results

Attempt to visit a social networking site such as facebook.com, twitter.com, or meetup.com.

A FortiGuard Web Page Blocked! message appears when attempting to visit sites in the blocked category.

Results Facebook blocked

Go to FortiView > Websites and select the 5 minutes view.  The blocked social networking sites are listed in the Domain column.

FortiView Websites results showing blocked social media sites
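
The same check as the FortiView step can be run against exported web filter logs. The script below is an added example, not part of the original recipe: it counts blocked Social Networking hits per domain and lists any hit in that category that was not blocked, which points to a policy higher in the sequence handling the traffic first. The log lines are constructed samples, and the field names (subtype, action, hostname, catdesc, policyid, profile) assume the FortiOS key=value log format.

```python
import re
from collections import Counter

# Constructed sample lines in FortiOS key=value log style (not from the recipe).
SAMPLE_LOG = '''\
date=2016-05-10 time=10:01:02 type="utm" subtype="webfilter" eventtype="ftgd_blk" policyid=2 profile="default" action="blocked" hostname="facebook.com" cat=37 catdesc="Social Networking"
date=2016-05-10 time=10:01:09 type="utm" subtype="webfilter" eventtype="ftgd_blk" policyid=2 profile="default" action="blocked" hostname="twitter.com" cat=37 catdesc="Social Networking"
date=2016-05-10 time=10:01:30 type="utm" subtype="webfilter" eventtype="ftgd_allow" policyid=2 profile="default" action="passthrough" hostname="example.org" cat=52 catdesc="Information Technology"
date=2016-05-10 time=10:02:11 type="utm" subtype="webfilter" eventtype="ftgd_allow" policyid=5 profile="monitor-all" action="passthrough" hostname="meetup.com" cat=37 catdesc="Social Networking"
date=2016-05-10 time=10:02:40 type="utm" subtype="webfilter" eventtype="ftgd_blk" policyid=2 profile="default" action="blocked" hostname="facebook.com" cat=37 catdesc="Social Networking"
'''

PAIR = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_line(line):
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    return {k: (q if raw.startswith('"') else raw) for k, raw, q in PAIR.findall(line)}

def audit(log_text, category="Social Networking"):
    """Return (blocked hits per domain, category hits that were not blocked)."""
    blocked, leaks = Counter(), []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("subtype") != "webfilter" or rec.get("catdesc") != category:
            continue
        if rec.get("action") == "blocked":
            blocked[rec["hostname"]] += 1
        else:
            # Category traffic that was not blocked: another policy or a
            # different web filter profile matched this session first.
            leaks.append((rec.get("hostname"), rec.get("policyid"), rec.get("profile")))
    return blocked, leaks

if __name__ == "__main__":
    blocked, leaks = audit(SAMPLE_LOG)
    print("Blocked:", dict(blocked))
    for host, policy, profile in leaks:
        print(f"NOT blocked: {host} via policy {policy} (profile {profile})")
```

Any entry in the second list names the policy ID to compare against the By Sequence view described in step 3.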

For further reading, check out FortiGuard Web Filtering Service in the FortiOS 5.4 Handbook.

Judith Haney


Technical Writer at Fortinet
Judith Haney is a Technical Writer on the FortiOS technical documentation team. She graduated with honours from Algonquin College's Technical Writer program in September 2014. In a previous lifetime, Judith earned degrees in Mathematics (B.S.) and French literature (M.A.).
FortiGuard’s web filtering categories are organized into six main groups; descriptions can be found at FortiGuard Center.
Using the deep-inspection profile may cause certificate errors. See Preventing certificate warnings for more information.
The HTTPS protocol is automatically applied to these addresses, even if it is not entered.