If you give users unlimited web site access, your company can suffer lost productivity and reduced bandwidth. Uncontrolled Internet surfing can also increase security risks and legal liability. The WebBlocker security subscription gives you control of the web sites that are available to your users.
WebBlocker uses a database of web site addresses, which are identified by content categories. When a user on your network tries to connect to a web site, the Firebox or XTM device examines the WebBlocker database. If the web site is not in the database or is not blocked, the page opens. If the web site is in the WebBlocker database and is blocked based on the content category of the site, a notification appears and the web site is not displayed.
When you configure WebBlocker, you have two options for the type of WebBlocker database the Firebox or XTM device uses to control access to web content.
Websense cloud with Websense categories
Websense cloud is a URL categorization database with over 130 content categories, provided by Websense.
The Websense cloud option does not use a locally installed WebBlocker Server. When you enable WebBlocker for the first time, Websense cloud is selected by default. The Websense cloud option is only available for devices that use Fireware XTM v11.7 and later.
The Firebox or XTM device sends URL categorization lookups to the Websense cloud over HTTP.
If you have a WatchGuard XTM 21, 22, or 23 device, this feature is not available for your device.
WebBlocker Server with SurfControl categories
The WebBlocker Server is a WatchGuard server that uses a URL categorization database with 54 categories, provided by SurfControl.
If you use WebBlocker with the WebBlocker Server on any device other than a Firebox T10, XTM 2 Series, or XTM 33, you must first set up a local WebBlocker Server on your management computer. Firebox T10, XTM 2 Series, and XTM 33 devices can use a WebBlocker Server hosted and maintained by WatchGuard.
The Firebox or XTM device sends URL categorization lookups to the WebBlocker server over UDP port 5003.
The WebBlocker Server is installed as part of the WatchGuard System Manager installation. To learn about how to set up a WebBlocker Server, see Install a Local WebBlocker Server.
WebBlocker works with the HTTP and HTTPS proxy policies to control web browsing. After you configure a WebBlocker profile, you must apply it to a user-defined HTTP or HTTPS proxy action.
WebBlocker requires that you configure DNS servers to allow proper communications with WebBlocker servers.
If there are no DNS servers configured, all external interfaces must use either DHCP or PPPoE. If any external interfaces are set with a static IP address, DNS will not be considered configured in this state and WebBlocker cannot be enabled.
To configure WebBlocker, your Firebox or XTM device must have a WebBlocker service subscription. After you activate your WebBlocker subscription, make sure to get an updated feature key to enable the feature on your device.
For more information about feature keys, see About Feature Keys.
Get Started with WebBlocker