Configure WebBlocker Categories
On the Categories tab in a WebBlocker action, you can configure which categories WebBlocker allows, denies, or warns users about.
The Quick Actions drop-down list includes actions that you can apply to selected categories in the Categories tab. To select multiple categories in Policy Manager, hold down the Ctrl key. To select multiple categories in the Firebox Web UI, select check boxes in the first column of the list of categories.
Specify Actions for WebBlocker Categories
You can configure the action for each WebBlocker category and subcategory. You can select from these actions:
- Allow — The website opens.
- Deny — The website does not open and a notification page appears in the browser.
- Warn (Fireware 12.4 and higher) — The website does not open and a warning page appears in the browser. Users can select to continue to the website or go back to the previous page.
If the Firebox uses a self-signed certificate for authentication, users will see a certificate warning for the warning page. We recommend that you install a trusted certificate on the Firebox for this purpose, or import the self-signed certificate on each client device.
Top-level categories have the same name in the Category and Subcategory columns. These top-level categories are more than a summation of the subcategories they contain. WebBlocker uses the top-level categories to classify websites that fit the description of the category, but do not fit the description of any subcategory.
To specify actions for WebBlocker categories:
- Filter the list of categories and subcategories:
- To show only categories with a specific action, from the Show all categories drop-down list, select Show only Warn or Show only Deny.
- To show only a specific category and related subcategories, from the All Categories drop-down list, select a category.
- To search for categories, in the Search text box, type the text to search for.
As you type, the list of categories updates to show only those categories that match your search text.
- Specify the action to take for each category and subcategory:
- Fireware 12.4 and higher — Select the category rows you want to assign an action to, then from the Quick Action drop-down list, select Allow, Warn, or Deny.
- Fireware 12.3.1 and lower — In the Deny column, select the check boxes next to each category and subcategory you want to deny. To deny access to websites in multiple selected categories and subcategories, from the Quick Action drop-down list, select Deny.
- To configure the action WebBlocker takes for uncategorized websites, from the When a URL is uncategorized drop-down list, select Allow, Warn (Fireware 12.4 or higher), or Deny.
- To send an alarm and log message when a user tries to go to an uncategorized site, select the Alarm and Log this Action check boxes next to the drop-down list.
When you assign the Warn action to a WebBlocker category, the WG-Auth-WebBlocker policy is added to the configuration automatically.
For more information about WebBlocker categories, see About WebBlocker Categories.
Send an Alarm when a Site is Denied or the Warn Page is Shown
You can configure WebBlocker to send an alarm if a user tries to go to a site in a category with the Warn or Deny action.
To send an alarm for sites in a category or subcategory, select the check box in the Alarm column. The authenticated user's name is displayed in the alarm text to help you track violations.
To send an alarm for multiple selected categories and subcategories, from the Quick Action drop-down list, select Enable Alarm.
To set parameters for the alarms, click the Alarm tab. For more information about the Alarm tab settings, see Set Logging and Notification Preferences.
Log WebBlocker Actions
You can configure WebBlocker to send a message to the log file if a user tries to go to a site in a specific WebBlocker category.
To send a log message for sites in a category or subcategory, select the check box in the Log column.
To send a log message for multiple selected categories and subcategories, from the Quick Action drop-down list, select Enable Logging.
Enable WebBlocker Override
In Fireware v12.5 or higher, you can enable WebBlocker override in the Categories tab. WebBlocker override allows your users to get temporary access to content that your WebBlocker settings deny. For more information, see WebBlocker Override.
When you enable WebBlocker override in a WebBlocker action, it is enabled for all denied categories automatically. If you want more control, you can select which WebBlocker categories users can override.
To enable WebBlocker override:
- Select the Enable WebBlocker Override check box.
- From the drop-down list, select the method that users can use to override WebBlocker, either Passphrase or User Group.
- Click Edit.
The WebBlocker Override Passphrase Settings dialog box or WebBlocker Override User Group Settings dialog box appears.
- Configure the WebBlocker override settings.
- To change which denied categories users can override, in the Override column, select or clear the check boxes.
- Click OK.