29

1. Verify FortiGuard services are enabled.

2. Create a web lter prole
3. Create an SSL inspection prole
4. Create a security prole with the web lter and SSL proles
5. Results
Blocking HTT PS traffc with web fltering
Some websites are accessible using http and https protocols, such as YouTube and
Facebook. This example steps through how to block https access to these websites
using either proxy-based or fow-based web fltering profles. You will need to have
your FortiGate licensed for FortiGuard services.
FortiGuard
HTT PS
YouTube
Facebook
Internet
WAN 1
FortiGate
Internal
Internal Network
30
Go to System > Dashboard > Status.
Go to UTM Security Profles > Web Filter
> Profle. Select the plus icon in the upper-
right corner to create a new profle.
Ensure the inspection mode is set to
Proxy. You can also set the Inspection
Mode to Flow-based or DNS.
In the Licence Information widget, verify
that the FortiGate unit is connected to the
FortiGuard servers. A green check mark
should appear next to the services you are
subscribed to.
Step One: Verify FortiGuard services
are enabled
Step Two: Create a web flter profle
31
Go to Policy > Policy > SSL/SSH
Inspection.
Select the plus icon in the upper-right
corner to create a new profle and enable
only the HTTPS option.
Go to Policy > Policy > Policy.
Create a new security policy that uses the
new SSL/SSH inspection profle and the
HTTPS web flter profle.
Step Three: Create a SSL Inspection
protile
Step Four: Create a security profle
32
Results
In a web browser, go to
https://youtube.com. The web page is
blocked and a FortiGate replacement
message is put up in its place.
Go to UTM Security Profles > Monitor >
Web Monitor.
Go to System > Admin > Settings.
Enable UTM Monitoring in the Display
Options on GUI area.
If you chose DNS block or redirect,
when you visit https://youtube.com, the
browser is timing out and there is no block
message comes from FortiGuard.