About WebBlocker

If you give users unlimited website access, your company can suffer lost productivity and reduced bandwidth. Uncontrolled Internet browsing can also increase security risks and legal liability. The WebBlocker security subscription gives you control of the websites that are available to your users.

WebBlocker uses a database that groups website addresses into content categories. When a user on your network tries to connect to a website, the Firebox looks up the address in the WebBlocker database and takes the action you specify for the content category.

For locally-managed Fireboxes, you can specify the action WebBlocker takes for uncategorized websites.

WebBlocker Actions and Proxy Policies

You can define multiple WebBlocker actions. In a WebBlocker action you specify what to do when users try to open websites in each content category. You can select from these options:

  • Allow — The website opens.
  • Deny — The website does not open. A deny page appears in the browser.
  • Warn (Fireware v12.4 and higher) — The website does not open. A warning page appears in the browser. Users can select to continue to the website or go back to the previous page.

WebBlocker works with the HTTP and HTTPS proxy policies to control web browsing. After you configure a WebBlocker action, you must apply it to an HTTP or HTTPS client proxy action. WebBlocker is not supported in HTTPS server proxy actions.

WebBlocker and DNS

To enable the WebBlocker service, DNS must be configured on the Firebox.

If there are no DNS servers configured, all external interfaces must use either DHCP or PPPoE. If any external interfaces are configured with a static IP address, you must manually configure DNS servers before you can enable WebBlocker. For more information, see Configure Network DNS and WINS Servers.

WebBlocker and IPv6

In Fireware v11.12 and higher, Fireware supports IPv6 for proxy policies and subscription services. WebBlocker uses IPv4 to connect to the WebBlocker Cloud server. If your Firebox is configured for IPv6 and the WebBlocker configuration uses WebBlocker Cloud for URL categorization lookup requests, you must configure the external interface with both an IPv4 address and an IPv6 address.

WebBlocker Licensing

To configure WebBlocker, your Firebox must have a WebBlocker service subscription. After you activate or renew your WebBlocker subscription, make sure to get an updated feature key for your Firebox.

For more information about feature keys, see About Feature Keys.

WebBlocker Server Options

WebBlocker supports two options for the WebBlocker Server — WebBlocker Cloud or an on-premises WebBlocker Server. The selected option defines which server the Firebox connects to for WebBlocker category lookups. By default, WebBlocker uses WebBlocker Cloud.

For more information about WebBlocker Server options, see Set Up the WebBlocker Server.

You can configure WebBlocker to use an on-premises WebBlocker Server in Fireware v12.2 and higher.

Related Topics

Get Started with WebBlocker

Set Up the WebBlocker Server

Video tutorial: Getting Started with WebBlocker