Helpful ReplyHot!Implementing UK Prevent agenda web filtering

Author
paul.woods@durham.gov.uk
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/04/03 02:20:25
  • Status: offline
2020/02/04 07:46:22 (permalink)
0

Implementing UK Prevent agenda web filtering

Hello,
 
we have been asked to implement the UK Government's Prevent agenda web filtering to stop people going to radicalisation sites etc. Does anyone have any guides or notes on what to do to implement it on the FortiGate firewalls? 
 
Thanks,
Paul
#1
tanr
Platinum Member
  • Total Posts : 744
  • Scores: 33
  • Reward points: 0
  • Joined: 2016/05/09 17:09:43
  • Status: offline
Re: Implementing UK Prevent agenda web filtering 2020/02/04 08:08:20 (permalink) ☄ Helpfulby paul.woods@durham.gov.uk 2020/02/04 09:23:06
0
 I don't have any official guides or notes, but some quick thoughts:
 
You probably want to look through the Web Filter Categories: https://fortiguard.com/webfilter/categories.
Blocking the "Extremist Groups" category using both Web Filter and DNS Filter would be a start.
 
You would need to do SSL inspection.  Note that this means you need to deal with setting up your own internal certificate authority and making sure all users have your certificate installed.  This will absolutely require work to avoid causing issues for sites and apps that use certificate pinning or have privacy issues.
 
To avoid people working around the filters you'd need to block the "Proxy Avoidance" category through web and dns filters, and "Proxy" category through Application Control. Note that this might block valid VPN use, so you might need to tweak the settings.
 
Beyond that start, I would contact TAC directly.  They may already have a template to follow.
#2
paul.woods@durham.gov.uk
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/04/03 02:20:25
  • Status: offline
Re: Implementing UK Prevent agenda web filtering 2020/02/04 09:23:37 (permalink)
0
raising a ticket with Fortinet about this.
 
Thanks,
Paul
#3
Dave Hall
Expert Member
  • Total Posts : 1608
  • Scores: 174
  • Reward points: 0
  • Joined: 2012/05/11 07:55:58
  • Location: Canada
  • Status: offline
Re: Implementing UK Prevent agenda web filtering 2020/02/04 09:50:59 (permalink)
0
Good plan, though while I was formulating my own response to this question I did a quick research on UK Government's Prevent agenda web filtering and concluded because of the scope and potential liability you may be better off contacting Fortinet and/or a Fortinet partner to assist with designing the web filter/content policies and have someone higher up in your organization sign off on the implementation.  IMO.
 
paul.woods@durham.gov.uk
raising a ticket with Fortinet about this.

 

NSE4/FMG-VM64/FortiAnalyzer-VM/5.4/6.0 (FWF40C/FW92D/FGT200D/FGT101E)/ FAP220B/221C
#4
Jump to:
© 2020 APG vNext Commercial Version 5.5