Fortigate firewall: How to configure Web Filtering to block web access

1.The purpose of the article

In this article, Techbast will show you how to configure Web Filtering to prevent users from accessing unwanted websites.



We have a Fortinet firewall device connected to the internet at port wan1 with a static IP of 115.78.x.x.

The LAN subnet of the Fortinet device is configured at port internal3 with an IP of and has DHCP configured to allocate to devices connected to it.

Finally, Computer 1 receives DHCP from Fortinet with IP

On this Fortinet device has been configured with policy, NAT, routing, … so that computers in the LAN such as Computer 1 can access the internet.


Techbast will configure the Web Filter feature to block access to facebook pages and block websites related to adult content.

4.What to do

  • Check the Web Filter license again.
  • Create Web Filter profile.
  • Assign the Web Filter profile to the policy.


5.1.Check the Web Filter license again.

First to configure and use the Web Filter feature on Fortinet we need to make sure that the Fortinet firewall device has the Web Filter license enabled.

To check we go to System > Feature Visibility.

At the Security Feature we need to make sure that the Web Filter feature is enabled.

5.2.Create Web Filter profile

After making sure that the Web Filter license is activated, to use the feature we need to create a Web Filter profile.

Web Filter profile is where we can optionally add or remove categories, custom URLs to the list of websites we want to block.

To create a Web Filter profile we go to Security Profile > Web Filter > click Create New.

First we need to name it, here we will name it block-web.

At Feature set we choose Flow-based and turn on the FortiGuard category based filter feature.

Below we will have a list of web categories that Fortinet has classified.

As the configuration situation mentioned above we will block access to adult websites.

You drag your mouse down and you will see that there are categories marked as Adult/Mature Content. This is where adult web categories are located.

For example, here I will block access to 2 categories, Pornography and Nudity and Risque.

To block these 2 categories, we just need to click on that category and select the Block action at the top of the table.

Next to block page, we need to use the Static URL Filter feature.

To configure this feature, we scroll down to see the Static URL Filter section, we click the switch at URL Filter.

Then a table will appear for us to add parameters.

To configure the parameters we click Create New.

  • URL: enter the link
  • Type: select Wildcard.
  • Action: select Block.
  • Status: select Enable.
  • Click OK.

After configuring the URL Filter that we just displayed as follows.

After completing the requirements according to the configuration situation, we click OK to save the Web Filter profile.

5.3. Assign the Web Filter profile to the policy

After we have created the Web Filter profile, we need to add our policy to allow users in the internal network to access the internet.

To add us to Policy & Object > Firewall Policy >   double-click on the policy that allows internet access to edit.

We scroll down and notice in the Security Profiles section, we need to tick the switch at Web Filter to enable this feature for the policy and then select the Web Filter profiles block-web that we created earlier.

Then click OK to save.

Be the first to comment

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.