Restricting online gaming to evenings

In this example, online gaming will only be allowed from 7-11PM. This includes gaming websites, applications, and consoles.

This example assumes that a general policy allowing connections from the internal network to the Internet has already been configured.

1. Enabling application control, web filtering, and device identification

Go to System > Config > Features and enable both Application Control and Web Filter. Apply your changes.

 

Go to System > Network > Interfaces and edit your lan interface. Enable Detect and Identify Devices.  

2. Configuring application control and web filtering

Go to Security Profiles > Application Control and edit the default policy.

Under Categories, select Game, and set the category to Block. Under Options, enable Deep Inspection of Cloud Applications.

 

Go to Security Profiles > Web Filter and edit the default profile.

Enable FortiGuard Categories. Expand the General Interest – Personal category and select the sub-category Games. Set this sub-category to Block.

 

3. Editing your general policy to block gaming

 

Go to Policy & Objects > Policy > IPv4 and edit the policy that allows connections from the internal network to the Internet.

Set Source Device Type to all device types that will be allowed on your network. Do not include Gaming Consoles.

Under Security Profiles, enable both Application Control and Web Filter and set both to use the default profiles. Set SSL/SSH Inspection to deep-inspection.

 

4. Creating a schedule for when gaming is allowed

Go to Policy & Objects > Objects > Schedules and create a new recurring schedule.

Select all Days and set Start Time to Hour 19 (7PM) and Stop Time to Hour 23 (11PM).

 

5. Creating a policy that allows gaming between 7-11PM

Go to Policy & Objects > Policy > IPv4 and create a new policy that will allow devices on the LAN to have Internet access.

Set Schedule to use the new schedule.

 

Go to System > Dashboard > Status and enter the following in the CLI console, substituting the ID for the new policy.

This will make sure that if someone is gaming during the allowed time, their session will be blocked after 11PM.

config firewall policy
  edit <policy_id>
    set schedule-timeout enable
  next
end

6. Ordering the policies  

Go to Policy & Objects > Policy > IPv4 and order the policies so that the general policy is located below the policy that allows gaming between 7-11PM.  
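The schedule, the time-limited policy, and the policy ordering described above can also be expressed in the FortiOS CLI, which makes the configuration easier to review and audit. This is an added example, not part of the original recipe; the schedule name gaming-hours, the outgoing interface wan1, and the <gaming_policy_id> and <general_policy_id> placeholders are assumptions to replace with your own values.

```fortios
# Added example. Assumed names: schedule "gaming-hours", outgoing interface "wan1".
# <gaming_policy_id> and <general_policy_id> are placeholders for your own policy IDs.

# Recurring schedule: every day, 19:00 (7PM) to 23:00 (11PM).
config firewall schedule recurring
    edit "gaming-hours"
        set day sunday monday tuesday wednesday thursday friday saturday
        set start 19:00
        set end 23:00
    next
end

# Policy that matches LAN traffic only while the schedule is active.
# schedule-timeout ends sessions that are still open when the schedule stops.
# The final move command places this policy above the general policy.
config firewall policy
    edit <gaming_policy_id>
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "gaming-hours"
        set service "ALL"
        set nat enable
        set schedule-timeout enable
    next
    move <gaming_policy_id> before <general_policy_id>
end
```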

7. Results  

During the time that gaming is blocked, attempt to browse to a gaming website, such as Yahoo Games. The site is blocked.

Attempt to run an online gaming application, such as Steam. The application will be unable to connect to the Internet.

 

To view information about this blocked traffic, go to System > FortiView > Applications.

 

Attempt to connect to the Internet using a gaming console. The console will be unable to connect to the Internet.

Between 7-11PM, you are able to access the website, and all gaming applications and consoles can connect to the Internet. 

For further reading, check out the Security Profiles in the FortiOS 5.2 Handbook.

Victoria Martin


Technical Writer & Head Cookbook Chef at Fortinet
Victoria Martin works in Ottawa as part of the FortiOS technical documentation team. She graduated with a Bachelor's degree from Mount Allison University, after which she attended Humber College's book publishing program, followed by the more practical technical writing program at Algonquin College. She does need glasses but also likes wearing them, since glasses make you look smarter.
If you need to check the types of devices that are connecting to your network, go to User & Device > Device > Device Definitions.
Using the deep-inspection profile may cause certificate errors. For information about avoiding this, see Preventing certificate warnings.
Because Application Control uses flow-based inspection, if you apply an additional security profile to your traffic that is proxy-based, the connection will simply time out rather than display the replacement message. However, Application Control will still function.
