Hot!Block websites using Fortinet-Webfilter-Category-Block attribute freeradius

Author
starking9b
New Member
  • Total Posts : 17
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/05/01 10:04:10
  • Status: offline
2018/07/13 01:19:35 (permalink)
0

Block websites using Fortinet-Webfilter-Category-Block attribute freeradius

hello 
I integrated freeradius server with fortigate , but when I reading about fortinet radius server I found this attribute 
Fortinet-Webfilter-Category-Block  which mean I can block websites from freeradius using that attribute in reply section .
but when I  applied this attribute it give me error  and deny user from access internet 
the definition of this attribute tell us that we must using octets value 
Fortinet-Webfilter-Category-Block 17 octets
but if I want to block facebook for example what should I using as value of that attribute ? please help me 
 
#1
Toshi Esumi
Expert Member
  • Total Posts : 960
  • Scores: 56
  • Reward points: 0
  • Joined: 2014/11/06 09:56:42
  • Status: offline
Re: Block websites using Fortinet-Webfilter-Category-Block attribute freeradius 2018/07/13 08:57:37 (permalink)
0
I didn't know it's supported. Can you share where you read it? Only attributes I know were in below:
http://kb.fortinet.com/kb....do?externalID=FD30830
But if supported, likely it's expecting one of numbers (or multiple) from below:
http://kb.fortinet.com/kb/viewContent.do?externalId=FD30715
Facebook is not a category. It's a part of Social Networking.
https://fortiguard.com/webfilter?q=facebook.com&version=8
So if the category attribute worked, I would define it and include in one of local categories, which you can see the ID in CLI, then specify it with the attribute. Again, I didn't know it was supported so I never tested it.
 
#2
starking9b
New Member
  • Total Posts : 17
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/05/01 10:04:10
  • Status: offline
Re: Block websites using Fortinet-Webfilter-Category-Block attribute freeradius 2018/07/13 11:49:39 (permalink)
0
thank you for reply 
in this web page there are new attributes which shared from fortinet 
http://kb.fortinet.com/kb/viewContent.do?externalId=FD36919&sliceId=1
 
 
#3
Toshi Esumi
Expert Member
  • Total Posts : 960
  • Scores: 56
  • Reward points: 0
  • Joined: 2014/11/06 09:56:42
  • Status: offline
Re: Block websites using Fortinet-Webfilter-Category-Block attribute freeradius 2018/07/13 12:11:13 (permalink)
0
Thanks!
#4
starking9b
New Member
  • Total Posts : 17
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/05/01 10:04:10
  • Status: offline
Re: Block websites using Fortinet-Webfilter-Category-Block attribute freeradius 2018/07/13 14:06:58 (permalink)
0
but as you see the attributes value is octets so how can I configure it ?did you mean I will set value like this
Fortinet‐Webfilter‐Category‐Block:= g02 g03 g04 g05 g06 g07 g08 g21 g22 c01 c02 c03 c04 c0
if u working on fortigate and freeradius we can share our knowledge  between us
this is my whatsapp number :00905373545631 and I wish to contact me 
post edited by starking9b - 2018/07/13 14:09:23
#5
Toshi Esumi
Expert Member
  • Total Posts : 960
  • Scores: 56
  • Reward points: 0
  • Joined: 2014/11/06 09:56:42
  • Status: offline
Re: Block websites using Fortinet-Webfilter-Category-Block attribute freeradius 2018/07/13 14:30:50 (permalink)
0
I think that "Octets" mean it's NOT either "ip address" or "string". In other words integer.
Have you tried like below?
Fortinet‐Webfilter‐Category‐Block:=17
 
#6
starking9b
New Member
  • Total Posts : 17
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/05/01 10:04:10
  • Status: offline
Re: Block websites using Fortinet-Webfilter-Category-Block attribute freeradius 2018/07/14 02:42:44 (permalink)
0
I don't tried it yet because now I at holiday but I will try it when I can , thank you very much for your help 
but I have another problem and I don't know if you have any solution for it, my boss asked me to control user's bandwidth but I don't find any attribute belong to fortinet to limit bandwidth, do you know how can I do that ?
#7
Toshi Esumi
Expert Member
  • Total Posts : 960
  • Scores: 56
  • Reward points: 0
  • Joined: 2014/11/06 09:56:42
  • Status: offline
Re: Block websites using Fortinet-Webfilter-Category-Block attribute freeradius 2018/07/14 20:44:08 (permalink)
0
Probably you're lookin for "Per-IP shaper". Go to online help below and choose your version, like 5.4, 5.6, 6.0. Then search "traffic shaping methods". It would tell you how to set up a shaper and a shaping-policy. You might need to set separate IP ranges for different levels of allowed bandwidths. I don't think you can directly specify a shaper from RADIUS. You need to use either IP or group.
http://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortiOS-HTML5-v2/Home.htm
 
 
#8
Jump to:
© 2018 APG vNext Commercial Version 5.5