Web filtering using quotas

Facebooktwittergoogle_plusredditpinterestlinkedinFacebooktwittergoogle_plusredditpinterestlinkedin

In this example, you will create a web filter profile that allows access to websites that are categorized as “General Interest” at any point during the day, but limits access for a total of 5 minutes for each user.

Quotas are the most efficient way of allowing limited access to websites, as they do not require set schedules. To apply web filtering using quotas, you must use a security policy with either user or device authentication. In this recipe, a user account, alistair, has already been configured. For more information about creating user accounts, see User and device authentication.

Find this recipe for other FortiOS versions
5.2 | 5.4

Watch the video

1. Enabling web filtering

Go to System > Config > Features and make sure that Web Filter is ON. If necessary, Apply your changes.

 

2. Creating a web filter profile that uses quotas

Go to Security Profiles > Web Filter > Profiles. Edit the default profile and enable FortiGuard
Categories.
 
Right-click on the category General Interest – Personal and select Monitor. Do the same for the category General Interest – Business.
 
These categories include a variety of sites that are commonly blocked in the workplace, such as games, instant messaging, and social media.
 
 
Expand Quota on Categories with Monitor, Warning and Authenticate Actions and select Create New.
 
Select both General Interest – Personal and General Interest – Business. For testing purposes, set the Quota amount to 5 Minutes.
 
The web filter will now list all the sub-categories listed in the two categories and the applied quota.  

3. Adding web filtering to a security policy with user authentication

Go to Policy & Objects > Policy > IPv4 and edit the policy that allows connections from the internal network to the Internet.

Under Security Profiles, turn on Web Filter and use the default profile.

 

4. Results

 
Browse to www.ebay.com, a website that is found within the General Interest – Personal category.
 
Access to the website is allowed for 5 minutes, after which a block message appears. The message will persist for all General Interest – Personal sites until the quota is reset, which occurs every 24 hours at midnight.
 

Go to System > FortiView > Threats and select the 5 minutes view. You will be able to see the blocked traffic.

 

For further reading, check out FortiGuard Web Filtering Service in the FortiOS 5.2 Handbook.

Victoria Martin

Victoria Martin

Technical Writer & Head Cookbook Chef at Fortinet
Victoria Martin works in Ottawa as part of the FortiOS technical documentation team. She graduated with a Bachelor's degree from Mount Allison University, after which she attended Humber College's book publishing program, followed by the more practical technical writing program at Algonquin College. She does need glasses but also likes wearing them, since glasses make you look smarter.
Victoria Martin

Latest posts by Victoria Martin (see all)

  • Was this helpful?
  • Yes   No
An active license for FortiGuard Web Filtering Services is required to use web filtering with quotas.
  • Daniel Leguizamon

    I am trying version 5.4 and looking for a way to view users and their current quotas either on the web UI or the CLI. Any suggestions?

    • Victoria Martin

      Hello Daniel,

      Unfortunately, there is currently no method to do this in FortiOS 5.4.

  • David Follis

    Previous version of the FortiOS had a nice page that showed users and their quota counts. Would be nice to have this returned.