FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mzainuddinahm
Article Id 194497
Description
When a search with a word related on banned category in web filter profile is made, images of this banned category are displayed on search engine webpage such as Google images for example.

This article explains how images of this banned categories can be blocked on search engines.

Solution
1) Using full SSL inspection.

Go to Policy & Objects -> Policy -> IPv4 and edit the policy that allows connections from the internal network to the Internet.

Set SSL/SSH Inspection to use the deep-inspection profile.
Using the deep-inspection profile may cause certificate errors.
For information about avoiding this, see Preventing certificate warnings.


2) Changing the DNS records for www.google.com.

In order to force Google SafeSearch for the entire network.
Set the DNS entry for www.google.com (and another other Google search domains, such as www.google.ca) to be a Canonical Name (CNAME) for forcesafesearch.google.com.
This force all search traffic to use forcesafesearch.google.com.

The method for changing the DNS records using the FortiGate varies, depending on whether the FortiGate is the network’s DNS server, or if an external server is used.

3) Enabling Safe Search – GUI:

Go to Security Profile -> WebFilter, select respective Web Filter Profile, Search Engines, Enforce 'Safe Search' on Google, Yahoo!, Bing, Yandex (Enable this option) and select 'Apply'.





This enforces the use of Safe Search in traffic controlled by the firewall policies using the 'Web Filter' profile configured.

Contributors