Overriding a web filter profile

In this recipe, one user is temporarily allowed to override a web filter profile in order to access sites that would otherwise be blocked. Web filtering blocks the Bandwidth Consuming category for all users, except those who can override the filter.

Find this recipe for other FortiOS versions:
5.2 | 5.4

1. Enabling web filtering and multiple profiles

Go to System > Feature Select to enable Web Filter and Multiple Security Profiles.

Apply changes if necessary.

2. Creating a user group and two users

Go to User & Device > User Groups. Create a new group for users who can override web filtering (in this example, web-filter-override).  
Go to User & Device > User Definition to create two users (in this example, ckent and bwayne).

 

 

 
Assign ckent to the web-filter-override group, but not bwayne.

3. Creating a web filter profile and an override

Go to Security Profiles > Web Filter to create a new profile (block-bandwidth-consuming).

Enable FortiGuard category based filter, then right-click Bandwidth Consuming and select Block.

Go to Security Profiles > Web Filter to enable Allow users to override blocked categories.

Set Groups that can override to web-filter-overrideProfile can switch to defaultSwitch applies to User Group, and Switch Duration to Ask.

4. Adding the new web filter profile to a security policy

Go to Policy & Objects > IPv4 Policy to edit the policy that allows connections from the internal network to the Internet.

Set Source all, bwayne, and web-filter-override.

Under Security Profiles, enable Web Filter and select the block-bandwidth-consuming profile.

5. Results

Browse to youtube.com, a website that is part of the Bandwidth Consuming category.

Authenticate using the bwayne account. The website is blocked.

Go to Monitor > Firewall User Monitor and De-authenticate bwayne.

Browse to youtube.com again, this time authenticating the ckent account. You can access the website until the override expires.

For further reading, check out the Web Filter chapter in the FortiOS 5.4 Handbook.

Cindy Chung

Technical Writer at Fortinet

Latest posts by Cindy Chung (see all)

Share this recipe:

Facebooktwittergoogle_pluslinkedin

Leave a comment:

Before commenting, please read the site's comment policy. Only questions related to documentation will be answered. For other concerns, please contact Fortinet support.