How To Set Up Fortinet’s Web Filter On A FortiGate

Fortinet FortiGates are capable of acting as web filters. I really love some of the security features of the FortiGate, but the Web Filter is quite a pain to set up. To set up the Web Filter on a FortiGate device:

  1. First install the FSSO Agent on all your domain controllers
  2. In AD Users and Computers, create security groups populated with the users that you would like to monitor and control from the FortiGate Web Filter. These groups should be sufficiently granular, because later in this guide you will be changing the web filter settings based on these groups
  3. Next, run the FSSO Agent, then click Run as Administrator from within the program.
  4. Go through the buttons on the right-hand side of the FSSO Agent, entering the configuration relevant to your organisation’s requirements. The one thing that’s not obvious here is that you need to add the AD groups you created earlier to the Set Group Filters list. This is the list that the FSSO Agent will send to the FortiGate to monitor and control web access with. Ensure that Monitor
  5. Put ticks in the Monitoring user logon events and Support NTLM Authentication checkboxes
  6. Tick Require authenticated connection from FortiGate and enter a secure password
  7. On the last install of the FSSO Agent on your domain controllers, click the button to Sync the Configuration to Other Agents
  8. On the FortiGate web interface, click User -> Remote -> LDAP and click Create new
  9. Follow the steps to create a new LDAP connection
  10. Next click User -> Single Sign On -> FSSO Agent and click Create new
  11. Enter a name for the connection and the IP addresses of all FSSO Agents (enter the password you specified in step 6)
  12. Under User Group, create a new user group for each AD group that you created in step 2 (They will be listed after you select Fortinet Single Sign-On (FSSO)). If the AD groups you created aren’t listed, you may need to refresh the groups in FortiGate
  13. Go to UTM Profiles -> Web Filter -> Profile and create a profile for each group
  14. Under Policy, create a policy for outbound traffic
  15. Click Enable Identity Based Policy and tick Fortinet Single Sign-On (FSSO), then click the Add button to apply an AD group to the policy, tick UTM, and select the Web Filter profile to apply to that AD group
  16. Repeat steps 14 and 15 for each AD group you would like to apply Fortinet Web filtering to
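
An added example, not from the original post or from Fortinet: after steps 12 to 16, a short Python check over a configuration backup can confirm that every FSSO user group is referenced by a policy that actually has a web filter profile applied. It assumes the FortiOS 5.2+ CLI layout, where `set groups`, `set utm-status` and `set webfilter-profile` sit directly on the policy (older releases nest them under the identity-based policy, which this parser does not handle); the sample config and every name in it are constructed.

```python
import shlex
# Constructed sample in FortiOS CLI syntax (assumed 5.2+ flat policy layout); names are made up.
SAMPLE = """
config user group
    edit "FSSO-Staff"
        set group-type fsso-service
    next
    edit "FSSO-Students"
        set group-type fsso-service
    next
    edit "FSSO-Guests"
        set group-type fsso-service
    next
end
config firewall policy
    edit 1
        set groups "FSSO-Staff"
        set utm-status enable
        set webfilter-profile "wf-staff"
    next
    edit 2
        set groups "FSSO-Students"
    next
end
"""

def parse_tables(text):
    """Parse flat config/edit/set tables into {table: {entry: {key: [values]}}}."""
    tables, table, entry = {}, None, None
    for line in text.splitlines():
        tok = shlex.split(line) or [""]  # blank lines match no keyword below
        if tok[0] == "config":
            table, entry = tables.setdefault(" ".join(tok[1:]), {}), None
        elif tok[0] == "edit" and table is not None:
            entry = table.setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
    return tables

def audit_fsso_groups(text):
    """Map each FSSO user group to 'ok', 'no web filter' or 'no policy'."""
    tables = parse_tables(text)
    status = {name: "no policy" for name, e in tables.get("user group", {}).items()
              if e.get("group-type") == ["fsso-service"]}
    for pol in tables.get("firewall policy", {}).values():
        filtered = pol.get("utm-status") == ["enable"] and bool(pol.get("webfilter-profile"))
        for group in pol.get("groups", []):
            if group in status and status[group] != "ok":
                status[group] = "ok" if filtered else "no web filter"
    return status
```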