To use WebBlocker, you must define WebBlocker actions for at least one WebBlocker profile, which specifies the type of server to use and the content categories to block. Then you can apply the WebBlocker profile to an HTTP or HTTPS proxy policy with a user-defined proxy action.
When a user tries to visit a web site, your XTM device sends a request to the WebBlocker Server to find out if the user can get access to that web site based on the site category. The result of this request is saved in a cache. You can change the size of this cache to improve performance.
Before you configure a WebBlocker profile, you must decide what type of server you want to use, and install a local WebBlocker Server, if necessary.
The WebBlocker server options are:
Use the Websense cloud for WebBlocker lookups
Websense cloud is a URL categorization database provided by Websense. The Websense cloud option has over 130 categories and does not use a locally installed WebBlocker Server.
Use a WebBlocker Server with SurfControl
The WebBlocker Server is a WatchGuard server that uses a URL categorization database provided by SurfControl. The SurfControl database has 54 categories. If you select this option for any XTM device other than an XTM 2 Series or XTM 33, you must add the IP address of at least one locally installed WebBlocker Server.
For information about how to set up a local WebBlocker Server, see Install a Local WebBlocker Server.
The WebBlocker profile page includes tabs to you can use to:
To use WebBlocker, your configuration must have an HTTP-proxy and an HTTPS-proxy that each use a user-defined proxy action. If you do not already have these policies, you must create them.
To make sure your HTTP-proxy and the HTTPS-proxy policies use a user-defined proxy action:
For more information about proxy actions, see About Proxy Actions.
To enable WebBlocker for an HTTP-proxy or HTTPS-proxy policy, you apply a WebBlocker profile to the proxy action the policy uses. You can only apply a WebBlocker profile to a user-created proxy action. For WebBlocker to block all web content that matches the configured categories, you must enable WebBlocker in both the HTTP-proxy and HTTPS-proxy policies.
To apply a WebBlocker profile to a proxy action:
If you enable deep inspection in the HTTPS-proxy action, make sure that you also enable WebBlocker in the HTTP-proxy action used for deep inspection. For more information, see HTTPS-Proxy: Content Inspection.
About WebBlocker Subscription Services Expiration