Configuring common items
Both VDOMs require you configure security profiles. These will be configured the same way, but need to be configured in both VDOMs.
The relaxed profile allows users to surf websites they are not allowed to visit during normal business hours. Also a quota is in place to restrict users to one hour of access to these websites to ensure employees do not take long and unproductive lunches.
To create a strict web filtering profile - web-based manager
1. Go to the proper VDOM, and select Security Profiles > Web Filter > Profile.
2. Select Create New.
3. Enter strict for the Name.
4. Expand FortiGuard Web Filtering, and select block for all Categories except Business Oriented, and Other.
5. Block all Classifications except Cached Content, and Image Search.
6. Ensure FortiGuard Quota for all Categories and Classifications is Disabled.
7. Select OK.
To create a strict web filtering profile - CLI
config vdom
edit <vdom_name>
config webfilter profile
edit strict
config ftgd-wf
set allow g07 g08 g21 g22 c01 c03
set deny g01 g02 g03 g04 g05 g06 c02 c04 c05 c06 c07
end
set web-ftgd-err-log enable
end
To create a relaxed web filtering profile - web-based manager
1. Go to the proper VDOM, and select Security Profiles > Web Filter > Profile.
2. Select Create New.
3. Enter relaxed for the Name.
4. Expand FortiGuard Web Filtering, and select block for Potentially Security Violating Category, and Spam URL Classification.
5. Enable FortiGuard Quotas to allow 1 hour for all allowed Categories and Classifications.