On the Categories tab in a WebBlocker action, you configure the categories WebBlocker allows, denies, or warns users about.
The Quick Action drop-down list includes actions that you can apply to selected categories in the Categories tab. To select multiple categories in Policy Manager, press and hold the Ctrl key and select categories. To select multiple categories in Fireware Web UI, select check boxes in the first column of the list of categories.
In Fireware v12.5 or higher, you can enable WebBlocker override in the Categories tab. WebBlocker override allows users to get temporary access to websites that your WebBlocker settings deny. For more information, see WebBlocker Override.
Specify Actions for WebBlocker Categories
You can select one of these actions for each WebBlocker category and subcategory:
- Allow — The website opens.
- Deny — The website does not open. A deny page appears in the browser.
- Warn (Fireware v12.4 and higher) — The website does not open. A warning page appears in the browser. Users can select to continue to the website or go back to the previous page.
In Fireware v12.5.1 and higher, users who continue to a website from the warning page only see the warning page again when they have not visited a site in a Warn category in the last 15 minutes.
If the Firebox uses a self-signed certificate for authentication, users see a certificate warning for the warning page. We recommend that you install a trusted certificate on the Firebox for this purpose or import the self-signed certificate on each client device.
Top-level categories have the same name in the Category and Subcategory columns. These top-level categories are more than a summation of the subcategories they contain. WebBlocker uses the top-level categories to classify websites that fit the description of the category, but do not fit the description of any subcategory.
To specify actions for WebBlocker categories:
- Filter the list of categories and subcategories:
- To show only categories with a specific action, from the Show all categories drop-down list, select Show only Warn or Show only Deny.
- To show only a specific category and related subcategories, from the All Categories drop-down list, select a category.
- To search for categories, type in the Search text box.
As you type, the list of categories updates to show only those categories that match your search text.
- Specify the action to take for each category and subcategory:
- Fireware v12.4 and higher — Select the category rows you want to assign an action to, then from the Quick Action drop-down list, select Allow, Warn, or Deny.
- Fireware v12.3.1 and lower — In the Deny column, select the check box next to each category and subcategory you want to deny. To deny access to websites in multiple selected categories and subcategories, from the Quick Action drop-down list, select Deny.
- To configure the action WebBlocker takes for uncategorized websites, from the When a URL is uncategorized drop-down list, select Allow, Warn (Fireware v12.4 or higher), or Deny.
- To send an alarm and log message when a user tries to go to an uncategorized website, select the Alarm and Log this Action check boxes next to the drop-down list.
When you assign the Warn action to a WebBlocker category, the WG-Auth-WebBlocker policy is added to the configuration automatically.
For more information about WebBlocker categories, see About WebBlocker Categories.
Send an Alarm When a Site Is Denied or the Warn Page Is Shown
You can configure WebBlocker to send an alarm when a user tries to go to a website in a category with the Deny or Warn action. To help you track violations, the alarm text includes the name of the authenticated user.
To send an alarm for websites in a category or subcategory:
Select the check box in the Alarm column.
To send an alarm for multiple selected categories and subcategories:
From the Quick Action drop-down list, select Enable Alarm.
To set parameters for the alarms:
Click the Alarm tab. For more information about the Alarm tab settings, see Set Logging and Notification Preferences.
Log WebBlocker Actions
You can configure WebBlocker to send a message to the log file when a user tries to go to a website in a specific WebBlocker category.
To send a log message for websites in a category or subcategory:
Select the check box in the Log column.
To send a log message for multiple selected categories and subcategories:
From the Quick Action drop-down list, select Enable Logging.