Creating a basic Content Filter Profile on the USG

Before using the content filter function on the USG, you have to create a content filter profile. This tutorial will guide you through this very first step!

Walkthrough Steps

Using this tutorial, you can block specific web content for the users in your LAN network:

1. Log in to the unit by entering its IP address and the credentials for an admin account (by default, the username is “admin” and the password is “1234”)
2. Navigate to Configuration > UTM Profile > Content Filter and tick the checkbox “Enable Content Filter Report Service” and click “Apply”
3. Activate the checkbox "Enable HTTPS Domain Filter for HTTPS traffic" to analyze encrypted traffic
   
4. Click “Add” to create a new profile, tick the checkbox “Enable Content Filter Category Service”, choose the actions for the different types of web pages and when the Category Server is not available and tick the “Log” checkbox for each page you want to see log messages for
5. Scroll down to “Security Threat” and “Managed Categories” and tick all the categories that should be blocked by Content Filter and finally click “OK”
   
6. Navigate to Configuration > Security Policy > Policy Control, edited a desired “LAN-to-WAN” rule, scroll down to the section “UTM Profile”, tick the checkbox “Content Filter”, choose your previously created profile and choose if you want to see log messages for Content Filter before finally clicking “OK”
   

Please note: If you are unsure which category a website applies, you can scroll down to “Test Web Site Category” when creating or editing a content filter profile and testing it there.

Another note: You can block specific web features like ActiveX or Java, or add specific websites to be trusted or forbidden regardless your settings in “Category Service” when you open the tab “Custom Service” when editing a content filter profile.