Chapter 15 Unified Threat Management for FortiOS 5.0 : Web filter : Video: Example of Web Filtering configuration relating to blocking HTTP and HTTPS. : School district
  
School district
The background for this scenario is a school district with more than 2300 students and 500 faculty and staff in a preschool, three elementary schools, a middle school, a high school, and a continuing education center. Each elementary school has a computer lab and the high school has three computer labs with connections to the Internet. Such easy access to the Internet ensures that every student touches a computer every day.
With such a diverse group of Internet users, it was not possible for the school district to set different Internet access levels. This meant that faculty and staff were unable to view websites that the school district had blocked. Another issue was the students’ use of proxy sites to circumvent the previous web filtering system. A proxy server acts as a go-between for users seeking to view web pages from another server. If the proxy server has not been blocked by the school district, the students can access the blocked website.
When determining what websites are appropriate for each school, the district examined a number of factors, such as community standards and different needs of each school based on the age of the students.
The district decided to configure the FortiGate web filtering options to block content of an inappropriate nature and to allow each individual school to modify the options to suit the age of the students. This way, each individual school was able to add or remove blocked sites almost immediately and have greater control over their students’ Internet usage.
In this simplified example of the scenario, the district wants to block any websites with the word example on them, as well as the website www.example.com. The first task is to create web content filter lists for the students and the teachers.
To create a web content filter list for the students
config webfilter content
edit 5
set name "Student Web Content List"
config entries
edit example
set action block
set status enable
end
end
It might be more efficient if the Teacher Web Content List included the same blocked content as the student list. From time to time a teacher might have to view a blocked page. It would then be a matter of changing the Action from Block to Allow as the situation required.
To create a web content filter list for the teachers
config webfilter content
edit 5
set name "Teacher Web Content List"
config entries
edit example
set action exempt
set status enable
end
end
URL filter lists with filters to block unwanted web sites must be created for the students and teachers. For this example the URL www.example.com will be used.
To create a URL filter for the students
1. Go to Security Profiles > Web Filter > URL Filter.
2. Select Create New.
3. Enter Student URL List as the URL filter Name.
4. Enter optional comments to describe the contents of the list.
5. Select OK.
The URL filter for the students has been created. Now it must be configured.
6. Select Create New.
7. Enter example.com in the URL field.
8. Select Simple from the Type list.
9. Select Block from the Action list.
10. Select Enable.
11. Select OK.
12. Select OK.
The teachers should be able to view the students’ blocked content, however, so an addition URL filter is needed.
To create a URL filter for the teachers
1. Go to Security Profiles > Web Filter > URL Filter.
2. Select Create New.
3. Enter Teacher URL List as the URL filter Name.
4. Enter optional comments to describe the list.
5. Select OK.
The URL filter for the students has been created. Now it must be configured.
6. Select Create New.
7. Enter www.example.com in the URL field.
8. Select Simple from the Type list.
9. Select Exempt from the Action list.
10. Select Enable.
11. Select OK.
12. Select OK.
A web filter profile must be created for the students and the teachers.
To create a web filter profile for the students
1. Go to Security Profiles > Web Filter > Profiles.
2. Select the Create New icon in the Edit Web Filter window title bar.
3. Enter Students as the Profile Name.
4. Enter optional comments to identify the profile.
5. Expand the Advanced Filter heading.
6. Enable Web Content Filter.
7. Select Student Web Content List from the Web Content Filter drop-down list.
8. Enable Web URL Filter.
9. Select Student URL List from the Web URL Filter drop-down list.
10. Enable Web Resume Download Block.
Selecting this setting will block downloading parts of a file that have already been downloaded and prevent the unintentional download of virus files hidden in fragmented files. Note that some types of files, such as PDFs, are fragmented to increase download speed, and that selecting this option can cause download interruptions with these types.
11. Select OK.
To create a security policy for the students
1. Go to Policy > Policy > Policy.
2. Select Create New.
3. Enable Web Filter.
4. Select Students from the web filter drop-down list.
5. Enter optional comments.
6. Select OK.
To create a web filter profile for the teachers
1. Go to Security Profiles > Web Filter > Profiles.
2. Select the Create New icon in the Edit Web Filter window title bar.
3. Enter Teachers as the Profile Name.
4. Enter optional comments to identify the profile.
5. Expand the Advanced Filter heading.
6. Enable Web Content Filter.
7. Select Teacher Web Content List from the Web Content Filter drop-down list.
8. Enable Web URL Filter.
9. Select Teacher URL List from the Web URL Filter drop-down list.
10. Enable Web Resume Download Block.
11. Select OK.
To create a security policy for Teachers
1. Go to Policy > Policy > Policy.
2. Select Create New.
3. Enable Web Filter.
4. Select Teachers from the web filter drop-down list.
5. Enter optional comments.
Select OK.