If you give users unlimited website access, your company can suffer lost productivity and reduced bandwidth. Uncontrolled Internet browsing can also increase security risks and legal liability. The WebBlocker security subscription gives you control of the websites that are available to your users.
WebBlocker uses a database that groups website addresses into content categories. When a user on your network tries to connect to a website, the Firebox looks up the address in the WebBlocker database and takes the action you specify for the content category. You can also specify the action WebBlocker takes for uncategorized websites.
WebBlocker Actions and Proxy Policies
You can define multiple WebBlocker actions. In a WebBlocker action you specify what to do when users try to open websites in each content category. You can select from these options:
- Allow — The website opens.
- Deny — The website does not open. A deny page appears in the browser.
- Warn (Fireware v12.4 and higher) — The website does not open. A warning page appears in the browser. Users can select to continue to the website or go back to the previous page.
WebBlocker works with the HTTP and HTTPS proxy policies to control web browsing. After you configure a WebBlocker action, you must apply it to an HTTP or HTTPS client proxy action. WebBlocker is not supported in HTTPS server proxy actions.
WebBlocker and DNS
To enable the WebBlocker service, DNS must be configured on the Firebox.
If there are no DNS servers configured, all external interfaces must use either DHCP or PPPoE. If any external interfaces are configured with a static IP address, you must manually configure DNS servers before you can enable WebBlocker. For more information, see Configure Network DNS and WINS Servers.
WebBlocker and IPv6
To configure WebBlocker, your Firebox must have a WebBlocker service subscription. After you activate or renew your WebBlocker subscription, make sure to get an updated feature key for your Firebox.
For more information about feature keys, see About Feature Keys.
WebBlocker Server Options
WebBlocker supports two options for the WebBlocker Server — WebBlocker Cloud or an on-premises WebBlocker Server. The selected option defines which server the Firebox connects to for WebBlocker category lookups. By default, WebBlocker uses WebBlocker Cloud.
For more information about WebBlocker Server options, see Set Up the WebBlocker Server.