Web Filtering: A Flexible Service

by Michael Xie
February 24, 2010 at 10:16 am

I’ve been asked to provide a little more information on what else we can provide in the web filtering space, particularly when it comes to service providers and how they can solve one of the main problems when considering a residential web filtering service. We have provided a way of dynamically provisioning the web filtering profile on a per-endpoint basis, and an endpoint can of course be many things. Flexibility in this endpoint definition is key, so it can relate to an authenticated username, a service, a location, or, in the case of mobile networks, the cell number (MSISDN).

Providing this flexibility does of course leave us another problem to solve. In a mixed home environment with parents and children of various ages, different levels of access are desirable, or at least the parent paying the bill wants to have some additional choice. With our in-home residential control here at Fortinet, we believe in allowing parents to have a different level of access than others in the house, with an override capability that can unlock reduced or unfiltered access, depending of course on how the provider has defined the service offering. So it is possible to match the service not just to the house, but to its occupants, all sharing the same IP address.

For providers, it gives them the ability to create flexible services that are dynamically provisioned, helping the scalability and profitability of the offer. For the customer, we provide the protection they need, without the restrictions they are happy to do without.

Effortless Efficiency

Speed and efficiency are of the essence in protecting your network and its users from threats. They are also key to a quick response for web site ratings.

As previously discussed, latency is minimized by the FortiGate monitoring the FortiGuard servers to find the most responsive server within its geographic region. Further, rating responses can also be cached locally, minimizing the hits on the FortiGuard servers. This is a very effective method for common sites. Search engines and other sites frequently visited by your business can remain cached locally. Other, less frequently visited sites can be cached locally for a determined amount of time. For a site such as Google, the frequency of its access can keep it in the cache; other sites can remain in the cache up to 24 hours, or less depending on the configuration.

But what other options do you have to improve the response time for web filter ratings? You need to minimize the network latency, and we do that by providing you with your own copy of the FortiGuard database, automatically synchronized to the main FortiGuard Network.

This copy is stored on the FortiManager device that you would own and deploy at a location most appropriate to your network environment and the demands placed upon it. Having this local access minimizes any network latency for web site filtering for individual requests while having the same coverage offered by the host FortiGuard network.

Read Part I: Cloud-Based FortiGuard Web Filtering Services

Read Part II: Web Filtering: Controlling the Flow

Author bio: Michael Xie, founder, CTO and vice president of engineering for Fortinet, has been in the security industry more than 15 years.

Web Filtering: Controlling the Flow

by Michael Xie
February 17, 2010 at 10:19 am

While web filtering provides a company with the ability to limit where users visit on the Internet, what if some users – managers, guests or whole departments – needed access to these categories or subsets of those categories? What if you still want to give your users or employees some level of freedom? After all, a happy worker is a productive worker. What is needed is the flexibility to accommodate a multitude of configurations and situations. One size does not necessarily fit all.

Happily, FortiOS comes in many sizes. There are options available to meet the needs of various users at various times of the day.

Beyond the selections of the FortiGuard web services, overrides and custom configurations, are the firewall policies that instruct the FortiGate how to determine which users can see what sites and when.

Within firewall policies, you can use an identity-based approach, where local users and groups or more established LDAP, RADIUS or TACACS+ databases can be referenced.  By setting up users and unique groups, you can create web filtering policies to accommodate unique situations rather than painting web access with a very large corporate brush. With unique user and group options, firewall policies can be set up to request authentication. Before a user can access the specific web policy, they must enter a username and password. Once authenticated, the correct web profile can be applied.

As another possibility, web access policies can also be time-controlled. Where specific policies restrict web access through most of the day, other policies can lift these restrictions over the lunch hour or after work to enable employees to view social networking and entertainment sites (remember those happy workers?), yet shut the access off automatically so everyone can get back to work (happy and productive!). Alternatively, set a time quota for the day for different web categories. Rather than dictating a specific time of the day, allow a total time allotment for the day: for example, a maximum of one hour for gaming and two hours a day for social networking. When the user’s time is up, they can be shut off until the next day.

And when the time is up, the FortiGate includes messages you can customize to let users know gently that their time is up. These messages are stored on the FortiGate in simple HTML.
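How the identity, schedule and daily-quota checks described above can combine into a single allow/block decision, as an added sketch that is not FortiOS code or configuration. The group names, category labels, after-work window and the fixed time slice billed per allowed request are assumptions; the lunch-hour window and the one-hour and two-hour quotas are the article's own examples.

```python
from datetime import datetime, time, timedelta

# Constructed sample policy (group names and categories are hypothetical).
PROFILES = {
    "staff": {
        "scheduled": {"social_networking", "entertainment"},  # open only in windows
        "windows": [(time(12, 0), time(13, 0)), (time(17, 30), time(23, 59))],
        "quota": {"gaming": timedelta(hours=1),
                  "social_networking": timedelta(hours=2)},
    },
    "managers": {"scheduled": set(), "windows": [], "quota": {}},
}
USER_GROUP = {"alice": "staff", "bob": "managers"}  # stands in for an LDAP/RADIUS lookup


class WebPolicy:
    def __init__(self):
        self.day = None   # calendar date the counters belong to
        self.used = {}    # (user, category) -> timedelta consumed today

    def _used_today(self, user, category, now):
        if now.date() != self.day:          # new day: every allotment resets
            self.day, self.used = now.date(), {}
        return self.used.get((user, category), timedelta())

    def decide(self, user, category, now, slice_=timedelta(minutes=30)):
        """Return 'allow', 'block:unauthenticated', 'block:schedule' or 'block:quota'."""
        group = USER_GROUP.get(user)
        if group is None:                   # no identity means no profile: fail closed
            return "block:unauthenticated"
        profile = PROFILES[group]
        # Schedule check: restricted categories are reachable only inside a window.
        if category in profile["scheduled"] and not any(
                start <= now.time() < end for start, end in profile["windows"]):
            return "block:schedule"
        # Quota check: total time per category per day, independent of the clock.
        quota = profile["quota"].get(category)
        if quota is not None:
            used = self._used_today(user, category, now)
            if used >= quota:
                return "block:quota"
            # Assumption: each allowed request is billed as one fixed time slice.
            self.used[(user, category)] = used + slice_
        return "allow"
```

The schedule is evaluated before the quota, so a request outside the permitted window is refused without consuming any of the user's daily allotment.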

All of these options make for happy network admins, managers and employees. Further, all surfing actions can also be logged and analyzed. Users’ surfing habits can be monitored and the filtering fine-tuned accordingly. If the FortiGate unit has an integrated storage module (an internal hard disk or AMC module), or you use a FortiAnalyzer unit, you can log the web sites visited and generate reports to see what the web site flow is, and even who the top users are, and adjust your network web filtering policies accordingly to strike a balance of network traffic management.
