Get Started with WebBlocker

Before You Begin

Before you activate WebBlocker, you must ensure that the WebBlocker subscription service has been activated for your device. To activate the WebBlocker license key and import the feature key to your Firebox, go to Get a Firebox Feature Key.

Activate WebBlocker

You can use the WebBlocker Activation Wizard to activate WebBlocker on your Firebox and create a basic configuration.

In the wizard you specify what to do when users try to open websites in each content category. You can select from these options:

  • Allow — The website opens.
  • Deny — The website does not open. A deny page appears in the browser.
  • Warn (Fireware v12.4 and higher) — The website does not open. A warning page appears in the browser. Users can select to continue to the website or go back to the previous page.

The wizard creates a new WebBlocker action and assigns it to the selected HTTP-proxy and HTTPS-proxy policies. If no HTTP-proxy and HTTPS-proxy policies exist, you can use the wizard to create new ones.

The Web Setup Wizard and WSM Quick Setup Wizard automatically configure the Default-HTTP-Client proxy action to use a WebBlocker action called Default-WebBlocker. For more information, go to Setup Wizard Default Policies and Settings.

  1. Select Subscription Services > WebBlocker.
  2. Click Run Wizard.
    The WebBlocker Activation Wizard appears.

Screenshot of the WebBlocker Activation Wizard

  1. Click Next.
    The Select a action name for the WebBlocker action page appears.

Screenshot of the WebBlocker Activation Wizard

  1. Type a name for the WebBlocker action or accept the generated name.
  2. Click Next.
    The Select categories to deny page appears.

Screenshot of the WebBlocker Activation Wizard

  1. Specify the action to take for each content category:
    • Fireware 12.4 and higher — Select the category rows you want to assign an action to, then from the Quick Action drop-down list, select Allow, Warn, or Deny. By default, all categories are allowed.
    • Fireware 12.3.1 and lower — In the Deny column, select the check boxes next to each category and subcategory that you want to deny.
  2. To send an alarm and log message for sites in a category or subcategory, select the check boxes in the Alarm and Log columns. To send alarm and log messages for multiple selected categories and subcategories, from the Quick Action list, select Enable Alarm and Enable Logging.
  3. To allow users to override WebBlocker, select the Enable WebBlocker Override check box, then select an option from the drop-down list:
    • Passphrase — Allow users to type a passphrase to override the WebBlocker settings and get access to denied content.
    • User Group — Allow users who are members of the specified user group to override the WebBlocker settings and get access to denied content.

    For more information about how to configure WebBlocker override settings, see WebBlocker Override.

  4. To configure the action to take for uncategorized websites, from the When a URL is uncategorized drop-down list, select Allow, Warn, or Deny.
  5. Click Next.
    If any user-defined HTTP or HTTPS proxy actions do not have associated WebBlocker actions, the Apply WebBlocker settings to your policies page appears.

Screen shot of WebBlocker Activaton wizard.

  1. Select the check box next to each proxy action you want to apply the new WebBlocker action to. Click Next.
    The Create new proxy policies page appears.

Screenshot of WebBlocker Activation Wizard

  1. Select the new policies to create. The Activate WebBlocker Wizard creates the selected policies, creates new user-defined proxy actions for the policies, and assigns the new WebBlocker action to them.
  2. Click Next.
    The WebBlocker Activation Wizard is complete page appears.
  3. Click Finish
  1. Select Subscription Services > WebBlocker > Activate.
    The WebBlocker Activation Wizard appears.

Screen shot of the WebBlocker Activation Wizard welcome page.

  1. Click Next.
    The Select a name for the WebBlocker action page appears.

Screen shot of the Activate WebBlocker Wizard select a name for the action page.

  1. Type a name for the WebBlocker action or accept the generated name. The name is used to identify this WebBlocker action for later application to a proxy action.
  2. Click Next.
    The Select categories to deny page appears.

Screen shot of the Activate WebBlocker Wizard select categories to deny page.

  1. Specify the action to take for each content category:

    • Fireware 12.4 and higher — Select the category rows you want to assign an action to, then from the Quick Action drop-down list, select Allow, Warn, or Deny. To select multiple contiguous rows, hold down the Shift key. By default, all categories are allowed.
    • Fireware 12.3.1 and lower — In the Deny column, select the check boxes next to each category and subcategory you want to deny.
  2. To send an alarm and log message for sites in a category or subcategory, select the check boxes in the Alarm and Log columns. To send alarm and log messages for multiple selected categories and subcategories, from the Quick Action list, select Enable Alarm and Enable Logging.
  3. To allow users to override WebBlocker, select the Enable WebBlocker Override check box, then select an option from the drop-down list:
    • Passphrase — Allow users to type a passphrase to override the WebBlocker settings and get access to denied content.
    • User Group — Allow users who are members of the specified user group to override the WebBlocker settings and get access to denied content.

    For more information about how to configure WebBlocker override settings, see WebBlocker Override.

  4. To configure the action to take for uncategorized websites, from the When a URL is uncategorized drop-down list, select Allow, Warn, or Deny.
  5. Click Next.
    If any user-defined HTTP or HTTPS proxy actions do not have associated WebBlocker actions, the Apply WebBlocker settings to your policies page appears.

Screenshot of Activate WebBlocker wizard.

  1. Select the check box next to each proxy action you want to apply the new WebBlocker action to. Click Next.
    The Create new proxy policies page appears.

Screen shot of the Activate WebBlocker Wizard create new proxy policies page.

  1. Select the new policies to create. You must select at least one policy.
    The Activate WebBlocker Wizard creates the selected policies, creates new user-defined proxy actions for the policies, and assigns the new WebBlocker action to them.
  2. Click Next.
    The Activate WebBlocker Wizard is complete page appears.

Screen shot of the Activate WebBlocker Wizard is complete page.

  1. Click Finish

Configure a WebBlocker Action

After you use the Activate WebBlocker Wizard to create a basic configuration, you can configure additional WebBlocker settings for the new WebBlocker action.

To configure a WebBlocker action:

  1. Open the WebBlocker Actions page.
    In Policy Manager, select Subscription Services > WebBlocker > Configure.
    In Fireware Web UI, select Subscription Services > WebBlocker.

Screen shot of the WebBlocker page

WebBlocker Actions page in Fireware Web UI

Screen shot of the WebBlocker Actions dialog box

WebBlocker Actions dialog box in Policy Manager

  1. Select the WebBlocker action to configure.
  2. Click Edit.
  3. Configure the WebBlocker settings. The Edit WebBlocker Action page includes tabs that you can use to:
  4. Click Save or OK.
    In the Fireware Web UI, click Test to enter a URL to test against a specific WebBlocker action.

Configure the HTTP-Proxy and HTTPS-Proxy Policies

To use WebBlocker, your configuration must have an HTTP-proxy policy and an HTTPS-proxy policy that each use a user-defined proxy action.

If your configuration does not already have these policies, you can create new policies when you run the WebBlocker Activation Wizard.

  1. Select Firewall > Firewall Policies.
  2. Select the proxy policy you want to edit.
  3. Select the Proxy Action tab.
  4. Look at the Proxy action or Content action drop-down list.
    If (predefined) appears next to the drop-down list, the selected proxy action is not a user-defined proxy action.
  5. Select a user-defined proxy action from the Proxy Action drop-down list, or select Clone the current proxy action to create a new user-defined proxy action.
  6. Click Save.
  1. Open Policy Manager.
  2. Right-click the proxy policy you want to edit.
  3. Select Modify Policy.
  4. Look at the Proxy action or Content action drop-down list.
    If the name of the selected proxy action is blue, it is not a user-defined proxy action. User-defined proxy actions are black.
  5. Select a user-defined proxy action from the Proxy action or Content action drop-down list, or click to create a new user-defined proxy action.
  6. Click OK.

For more information about proxy actions, go to About Proxy Actions.

Apply a WebBlocker Action to HTTP-Proxy and HTTPS-Proxy Actions

To enable WebBlocker for an HTTP-proxy or HTTPS-proxy policy, you apply a WebBlocker action to the proxy action the policy uses. You can only apply a WebBlocker action to a user-created proxy action.

For WebBlocker to deny all web content that matches the configured categories, you must enable WebBlocker in both the HTTP-proxy and HTTPS-proxy policies.

  1. Select Subscription Services > WebBlocker.
    The WebBlocker Actions page appears.

Screen shot of the WebBlocker page

  1. In the WebBlocker Policies section, select one or more proxy actions.
    If a proxy action is associated with a proxy policy, the policy name displays in the Firewall Policies column.
  2. From the Select Action drop-down list, select the WebBlocker action to assign to the proxy actions.
  3. Click Save.
  1. Select Subscription Services > WebBlocker > Configure.
    The WebBlocker Actions dialog box appears.
  2. Select the Policies tab.

Screen shot of the WebBlocker Actions dialog box, Policies tab.

  1. Select the proxy action.
    If a proxy action is associated with a proxy policy, the policy name appears in the Firewall Policies column.
  2. From the Select Action drop-down list, select the WebBlocker action to assign to the proxy action.
  3. Click OK.

If you enable content inspection in the HTTPS-proxy action, make sure that you also enable WebBlocker in the HTTP-proxy action used for content inspection. For more information, go to HTTPS-Proxy: Content Inspection.

Related Topics

About WebBlocker

Video tutorial: Getting Started with WebBlocker