Web Filtering

Flow-based Inspection 

• Flow-based inspection inspects the traffic as it passes through the firewall. 

• Flow-based inspection is the default mode. 

• Flow-based mode performs faster scanning and uses less resources on the firewall. 

• Go to, Policy & Objects > Firewall Policy > Inspection Mode: Flow-based 

Poxy-based Inspection 

• Operates as a poxy between the source and destination. 

• Adds more latency between the sender and destination. 

• Performs a deeper inspection but uses more resources. 

• Provides a higher level of threat detection/protection. 

• Go to, Policy & Objects > Firewall Policy > Inspection Mode: Proxy-based 

NGFW Modes 

• Profile-based 

  • This mode requires both application control and web filtering profiles. 

  • Applies the profile to the policy 

  • Create custom profiles, then apply to Firewall Policy if needed. 

  • Applicable to both poxy-based and flow-based inspection modes. 

  • To create/view web filter pro a profile, go to Security Profile > Web Filter. 

• Policy-based 

  • Application control and web filtering applied directly to the policy. 

  • Does not require application control and web filtering profiles. 

  • Applicable only to flow-based inspection. 

  • Go to, Policy & Objects > Security Policy. 

• Antivirus is always profile-based. 

• Firewall modes can be configured on FortiGate or VDOMs. 

• Go to, System > Settings 

• To access the SSL Inspection Profile, go to Policy & Objects > SSL Inspection & Authentication 

Web Filtering 

• Used to control and track the websites visited by users. 

• Decrease web-based threats. 

• Prevent data loss and viewing NSFW materials. 

Custom Web Filter Message 

• Go to, System > Replacement Messages 

Web Rating Override 

• Changes a website category, not the category action 

• Go to, Security Profiles > Web Rating Overrides 

Static URL Filtering 

• Go to, Security Profiles > Web Filter > select a web filter profile > enable URL Filter > Create New entry > set Action and Status as enable. 

• Possible actions: 

  • Allow – Allow access 

  • Block – Restrict access 

  • Monitor – Traffic is permitted and logs are created. 

  • Exempt – Permits traffic from trusted sources to bypass all security inspections 

Search Engine filtering 

• Available within proxy-based mode 

• Requires FortiGate to perform deep SSL inspection 

• Restricts websites or images from search results 

• Logs all search keywords 

• Go to, Security Profiles > Web Filter > Search Engines 

Web Content filtering 

• Requires FortiGate to perform deep SSL inspection  

• Scans the content within web pages 

• Matches content from wildcards or perl regular expressions 

• Go to, Security Profiles > Web Filter > enable Content Filter (under Static URL Filter) > Create New 

• Actions: Exempt or block. 

Video filtering 

• Proxy-based mode with Full SSL Inspection is required 

• Requires a YouTube API  

• Go to, Security Profiles > Video Filter 

Troubleshooting 

• Check if Security Profiles are applied to the right Firewall Policies. 

• Check FortiGaurd connection, use # diagnose debug rating 

• Web Filter Cache, System > FortiGaurd > Filtering > web filter cache timer 

• To view web filter log, go to Log & Report > Security Events > click on Web Filter