FortiGate Configuration Example
config webfilter profile
    edit "<Profile-Name>"                        # Name of the web filter profile
        set comment "URL Filtering"              # Description for the profile
        config urlfilter                         # Define URL-based filtering rules
            edit 1
                set url "facebook.com"           # Specific domain or URL pattern
                set action {block|allow|monitor} # Action when URL is matched
            next
        end
    next
end
FortiGate Parameter Explanation and Conversion Suggestions
| FortiGate Parameter | FortiGate Parameter Description | Corresponding Sangfor NGAF Module/Parameter | Migration Notes |
| --- | --- | --- | --- |
| name | URL filtering policy name | Objects > Security Policy Template > Content Security | The name can be kept consistent |
| comment | Policy remarks | Objects > Security Policy Template > Content Security | Can be copied directly |
| urlfilter | URL filtering list configuration block | URL whitelist/blacklist / Custom URL rules | Select the NGAF URL category |
| url | Matched domain or URL | Objects > Security Policy Template > Content Security | Wildcards are supported; NGAF syntax is the same (e.g., *.facebook.com) |
| action | Action after match (block / allow / monitor) | Policies > Network Security > Policies | No need to configure actions in the template; actions are set in the Network Security Policy |
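One way to apply the mapping in the table above, as an added example that is not from the original page or from Fortinet or Sangfor: it parses a profile in the simplified layout shown on this page and separates the template fields from the actions that the table places in the Network Security Policy. The function names, the sample profile and the worksheet keys are assumptions for illustration; an action left as the `{block|allow|monitor}` placeholder is reported as `unresolved`.

```python
import re
# Constructed sample in the layout this page shows (not a real device export).
SAMPLE = """\
config webfilter profile
    edit "Office-Web"
        set comment "URL Filtering"
        config urlfilter
            edit 1
                set url "facebook.com"
                set action block
            next
            edit 2
                set url "*.example.org"
                set action monitor
            next
        end
    next
end
"""
VALID_ACTIONS = {"block", "allow", "monitor"}

def parse_profiles(text):
    """Parse the page's webfilter layout into [{name, comment, urls: [...]}]."""
    profiles, profile, entry, in_urlfilter = [], None, None, False
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()  # drop inline annotations
        if line in ("config urlfilter", "end"):
            in_urlfilter = line != "end"
        elif line.startswith("edit ") and in_urlfilter:
            entry = {"id": line[5:].strip(), "url": None, "action": None}
            profile["urls"].append(entry)
        elif line.startswith("edit "):
            profile = {"name": line[5:].strip().strip('"'), "comment": "", "urls": []}
            profiles.append(profile)
        elif m := re.match(r"set\s+(url|action|comment)\s+(.+)", line):
            target = entry if in_urlfilter else profile
            if target is not None:
                target[m.group(1)] = m.group(2).strip().strip('"')
    return profiles

def migration_worksheet(profile):
    """Template fields plus URLs grouped by the action the policy must carry."""
    by_action = {}
    for e in profile["urls"]:
        key = e["action"] if e["action"] in VALID_ACTIONS else "unresolved"
        by_action.setdefault(key, []).append(e["url"])
    return {"template_name": profile["name"],
            "template_description": profile["comment"], "policy_actions": by_action}
if __name__ == "__main__":
    print([migration_worksheet(p) for p in parse_profiles(SAMPLE)])
```

Grouping URLs by action is this example's way of listing what each Network Security Policy has to enforce; review any `unresolved` group before creating the template.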
Migrate to Sangfor NGFW
Because FortiGate's webfilter configuration differs significantly from Sangfor NGFW's, it is recommended to first understand the protection that the FortiGate webfilter provides, then configure the equivalent in a Sangfor NGFW content security template and reference that template in the policy.
The content security policy includes Email Protection, URL Filter, and File Protection. Email Protection detects email content, filters attachments, and verifies emails with Engine Zero. URL Filter filters the URL addresses of web pages that meet the preset conditions. File Protection filters files and verifies them with Engine Zero. See the figure below.
Click Objects > Security Policy Template > Content Security to enter the Content Security page to add or delete content security policy templates. Click Add. The Add Template page appears, as shown below.
Name: Define the name of the template.
Description: Define the description of the template.
Email Protection: Detect email content, filter attachments, and verify emails with Engine Zero.
Server Port: There are three ports (25, 110, and 143) by default. For an encrypted email protocol, enable decryption for Internet access.
Malicious Email Alert: When the user receives a malicious email, this alert will be added to the email subject.
URL Filter: Filter the URL addresses of web pages meeting the preset conditions.
File Protection: Filter files and verify files with Engine Zero.
Schedule: Indicate a filter condition. The policy takes effect only when filtering is performed within the specified time. It references the time object defined on the Objects > Schedule page.
Advanced: Set relevant filter conditions, filter types, and thresholds for Email Protection, URL Filter, and File Protection.
URL Filter
Request Method: Select HTTP (get), HTTP (post), or HTTPS filtering for the specified URL categories. For example, to prevent LAN users from browsing certain types of web pages, select HTTP (get); to allow LAN users to browse web pages but block file upload (BBS posting), select HTTP (post).
Select HTTPS together with HTTP (get), or HTTPS together with HTTP (post), to restrict access to HTTPS websites or to allow browsing only, with file uploading not allowed.
The HTTPS option is not enabled by default. It must be enabled for the content security function to work with the HTTPS protocol.