DO NOT REPRINT © FORTINET LAB 10-Web Fitering LAB 10-Web Filtering In this lab, you will configure one of the most used security profiles on FortiGate: web filter. This includes configuring a FortiGuard category-based filter, applying the web filter profile on a firewall policy, testing your configuration, and basic troubleshooting. You will also apply overndes to Fortiuard website categories and perform overrides to the web filtering profile. The web filtering overrides allow you to execute different actions, rather than the configured actions on the web filter security profile. Objectives © Configure web filtering on a FortiGate device. + Apply the FortiGuard eategory-based option for web filtering. + Troubleshoot the web fier. * Read and interpret web filter log entries. © Configure web rating overrides. * Configure web profile overrides. Time to Complete Estimated: 25 minutes Prerequisites Before beginning this lab, you must clear your wea browser history/eache and restore a configuration file to the Local-FortiGate. To clear the web browser history 41. From the Local-Windows VM, open the browser and click the menu icon in the upper-tight corner. 2 momnpegene Tee weet ao oo & *-~ 0 © K Ww c Ee Cc L 2. Goto History > Clear Recent History and select Everything as the time range to clear. 3. Click Clear Now. FortiGate | Student Guide 128DO NOT REPRINT © FORTINET LAB 10-Web Fitering To restore the FortiGate configuration file 1. From the Local-Windows VM, open a browser and log in as admin to the Local-FortiGate GUI at 10-0.1.254. 2. Goto Dashboard, and from the System Information widget click Restore. System Information HA Stats Standalone [Configure] Host Name -ncabFontGate [Charge] Serial Naber =ovwo10000084682 ‘Operation Mose war Inspection Mode Preny-based [Change] System Time Tue Jul 19.05 68:20 2016 FortiGuard) (Change Fmware Version "4.1 bale1084 (GA) [Update] ‘System Configurator: Backup] evsions] ‘Current ministrator scimin (Change Passwoc in Tota [Detals) Uptime 3day(s) 21 hour(s) 26 mins) 3. Select to restore from Local PC and click Upload. 4, Browse to Desktop > Resources > FortiGate-1 > Web-Filtering and select Local -web~ filtering. coné. 5. Click OK. 6. Click OK to reboot. FortiGate | Student Guide 129 K Ww c Ee CcDO NOT REPRINT © FORTINET LAB 10-Web Fitering 1 FortiGuard Web Filtering In order to configure FortiGate for web filtering based on FortiGuard categories, you must ensure FortiGate has a valid FortiGuard security subscription license. The license provides the web fitering capabilities necessary to protect against inappropriate websites, ‘You must then configure a category-based web fiter security profile on FortiGate and apply the security profile on a firewall policy to inspect the HTTP traffic. Finally you can test different actions taken by the FortiGate according to the website rating. Reviewing the FortiGate settings ‘You will review the inspection mode and the license status according to the uploaded settings. You will also list the FortiGuard distribution servers (FDS) that your FortiGate will use to send the web filtering requests. To review the restored settings on FortiGate 41. From the Local-Windows VM, open a browser and log in as adinin to the Local-FortiGate GUI at 10.0.1.254. 2. Go to Dashboard, and from the License Information widget, confirm that the FortiGuard Web Filtering service is licensed and active ‘Agrean check mark should be displayed. License Information a Fonte > * ce ove fewer > BD vnvanscnne bomen : cpus = & Potcy & cpeete > EB supoar conic: Regsaion © Register @ Secunty Profiles > PS & Application Control @ Licensed | coven > moins Licensed Forget B User & Device > @ Web Faterng ‘@ Licensed Pweiasachcatote 3 Tee gBaaTRS— @ Lcd 3. Open PUTTY from the Local:Windows VM, and connect to the LOCAL-FORTIGATE saved session (connect over SSH). 4. Log in as acim’ n and type the following cammand to check the status of the web filtering service: get webfilter status ‘The get webfilter status and diagnose debug rating commands show the ist of FortiGuard FDS that your FortiGate uses to send web fitering requests. In normal operations, FortiGate only sends the rating requests to the server on the top of the list. Each server is probed for round trip time (RTT) every two minutes. K Ww c Ee Cc FortiGate | Student Guide 130