Get Started with WebBlocker (Web)
WebBlocker Activation Wizard
In Fireware Web UI, you can use the WebBlocker Activation Wizard to activate WebBlocker and create a basic configuration.
- From the Web UI, select Subscription Services > WebBlocker.
The Activate WebBlocker Wizard starts.
- Click Next.
The first page of the wizard appears. The page you see depends on your configuration.
- Type a Profile Name for the new WebBlocker action.
- Click Next.
The Select categories to block page appears.
- Select the categories that you want to block.
- Click Next.
The Apply WebBlocker settings to your policies page appears.
- Click the corresponding check box to activate WebBlocker for any of the listed proxy actions and their corresponding firewall policies.
This list includes current proxy actions that do not have WebBlocker enabled and the firewall policies that use them.
WebBlocker Server Options
The WebBlocker server options are:
Use the Websense cloud for WebBlocker lookups
Websense cloud is a URL categorization database provided by Websense. The Websense cloud option does not use a locally installed WebBlocker Server. When you activate WebBlocker, this option is selected by default.
If you have a WatchGuard XTM 21, 22, or 23 device, this feature is not available for your device.
Use a WebBlocker Server with SurfControl
The WebBlocker Server is a WatchGuard server that uses a URL categorization database provided by SurfControl. If you select this option for any Firebox other than an XTM 2 Series, XTM 33, or Firebox T10, you must add the IP address of at least one locally installed WebBlocker Server.
For information about how to set up a local WebBlocker Server, see Install a Local WebBlocker Server.
Create a WebBlocker Profile
- Select Subscription Services > WebBlocker.
The WebBlocker page appears.
- In the WebBlocker Actions section, click Add.
The Add WebBlocker Action page appears.
- In the Profile Name text box, type a name for the WebBlocker configuration.
- Configure the WebBlocker settings.
The WebBlocker profile page includes tabs to you can use to:
- Configure WebBlocker Servers
- Change Categories to Block
- Add WebBlocker Exceptions
- Define Advanced WebBlocker Options
- Define WebBlocker Alarms
Configure the HTTP-Proxy and HTTPS-Proxy Policies
To use WebBlocker, your configuration must have an HTTP-proxy and an HTTPS-proxy that each use a user-defined proxy action. If you do not already have these policies, you must create them.
To make sure your HTTP-proxy and the HTTPS-proxy policies use a user-defined proxy action:
- Select Firewall > Firewall Policies.
- Select the proxy policy you want to edit.
- Select the Proxy Action tab.
- Look at the Proxy Action setting.
If (predefined) appears adjacent to the Proxy Action drop-down list, the selected proxy action is not a user-defined proxy action.
- To add a user-defined proxy action, select the proxy action from the Proxy Action drop-down list, or select Clone the current proxy action to create a new user-defined proxy action.
- Click Save.
For more information about proxy actions, see About Proxy Actions.
Apply a WebBlocker Profile to HTTP and HTTPS Proxy Actions
To enable WebBlocker for an HTTP-proxy or HTTPS-proxy policy, you apply a WebBlocker profile to the proxy action the policy uses. You can only apply a WebBlocker profile to a user-created proxy action. For WebBlocker to block all web content that matches the configured categories, you must enable WebBlocker in both the HTTP-proxy and HTTPS-proxy policies.
To apply a WebBlocker profile to a proxy action:
- In the WebBlocker Policies section, select one or more HTTP or HTTPS proxy actions to configure.
- From the Select Action drop-down list, select the WebBlocker action to use for the selected policies.
- Click Save.
All proxy policies that use the HTTP and HTTPS actions use the WebBlocker profile you applied.
If you enable content inspection in the HTTPS-proxy action, make sure that you also enable WebBlocker in the HTTP-proxy action used for content inspection. For more information, see HTTPS-Proxy: Content Inspection.