FortiGate
carabhavi
Staff
Article Id 196205

Description

 

This article describes the FortiOS 'Safe Search' feature, which forces connections to certain search engines to use the Safe Search feature of the search site, and provides the steps to enable it.


Scope


FortiGate - Safe Search, Google, Yahoo, Bing.


Solution


Safe Search is a feature of popular search sites that prevents explicit web sites and images from appearing in search results.
Although Safe Search is a useful tool, especially in educational environments, the resourceful user may be able to simply turn it off. Enabling Safe Search for the supported search sites enforces its use by rewriting the search URL to include the code to indicate the use of the Safe Search feature.
For example, on a Google search it would mean adding the string “&safe=active” to the URL in the search.


The search sites supported are:

  • Google.
  • Yahoo.
  • Bing.
  • Yandex.

Enabling Safe Search in the GUI

  1. Navigate to the FortiGate GUI -> Security Profiles -> Web Filter.
  2. Select the intended Web Filter Profile.
  3. Select Search Engines.
  4. Enable Enforce 'Safe Search' on Google, Yahoo!, Bing, Yandex.
  5. Select Apply.

 

Enabling Safe Search in the CLI
 
Run the following configuration in the CLI:

config webfilter profile
    edit default
        config web
            set safe-search url
        end
end
 
For Google, it may be necessary to block QUIC under the application control menu, so that browsers fall back to HTTPS over TCP.
This enforces the use of Safe Search in traffic controlled by the firewall policies using the web filter that was configured.

The safe search feature is not supported in flow inspection mode. See the administration guide for more information.

Note: SSL/SSH deep inspection is mandatory for safe search enforcement to work. Enable a deep inspection profile in the corresponding IPv4 policy.
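
The URL rewrite described in the Solution section, modelled in Python as an added example (not FortiOS code and not part of the original article), together with a check that flags Google search URLs lacking the "safe=active" parameter. It covers only Google, the one parameter the article names; the host pattern, function names and sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Simplified host pattern (assumption): google.<tld> with optional "www." prefix.
GOOGLE_HOST = re.compile(r"(www\.)?google\.[a-z]{2,3}(\.[a-z]{2})?")

def is_google_search(url):
    """True for a Google web search request (path /search)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return bool(GOOGLE_HOST.fullmatch(host)) and parts.path == "/search"

def safe_values(url):
    """All values of the 'safe' query parameter, in order."""
    query = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [v for k, v in query if k == "safe"]

def is_enforced(url):
    """Enforced only if 'safe' is present and every occurrence is 'active'."""
    values = safe_values(url)
    return bool(values) and all(v == "active" for v in values)

def enforce_safe_search(url):
    """Model of the rewrite: leave exactly one safe=active on Google searches."""
    if not is_google_search(url):
        return url
    parts = urlsplit(url)
    # Drop any client-supplied safe= value (for example safe=off) first.
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "safe"]
    query.append(("safe", "active"))
    return urlunsplit(parts._replace(query=urlencode(query)))

def audit(urls):
    """Return the Google search URLs that do not carry an enforced Safe Search."""
    return [u for u in urls if is_google_search(u) and not is_enforced(u)]

# Constructed sample URLs, not taken from any real log.
SAMPLE = [
    "https://www.google.com/search?q=test&safe=active",           # enforced
    "https://www.google.com/search?q=test",                       # parameter missing
    "https://www.google.co.uk/search?safe=off&q=test",            # user turned it off
    "https://www.google.com/search?q=test&safe=active&safe=off",  # conflicting values
    "https://example.com/search?q=test",                          # not a Google search
]

if __name__ == "__main__":
    for url in audit(SAMPLE):
        print("not enforced:", url, "->", enforce_safe_search(url))
```
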