{"id":607,"date":"2025-10-19T21:37:46","date_gmt":"2025-10-19T16:37:46","guid":{"rendered":"https:\/\/brainlessideas.com\/?p=607"},"modified":"2025-10-19T21:37:46","modified_gmt":"2025-10-19T16:37:46","slug":"fortigate-ad-blocking","status":"publish","type":"post","link":"https:\/\/brainlessideas.com\/index.php\/2025\/10\/19\/fortigate-ad-blocking\/","title":{"rendered":"Fortigate ad blocking"},"content":{"rendered":"<div class=\"page\">\n<div class=\"page_body\">\n<div class=\"centered\">\n<header class=\"centered-top-container sticky\" role=\"banner\">\n<div class=\"centered-top\">\n<div class=\"blog-name\">\n<div id=\"header\" class=\"section\">\n<div id=\"Header1\" class=\"widget Header\" data-version=\"2\">\n<div class=\"header-widget\">\n<div><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/header>\n<div class=\"centered-bottom\"><main id=\"main\" class=\"main-container\" tabindex=\"-1\" role=\"main\"><\/p>\n<div id=\"page_body\" class=\"main section\">\n<div id=\"Blog1\" class=\"widget Blog\" data-version=\"2\">\n<div class=\"blog-posts hfeed container\">\n<article class=\"post-outer-container\">\n<div class=\"post-outer\">\n<div class=\"post-wrapper not-hero post-1381588145750297548 no-image\">\n<div class=\"slide\">\n<div class=\"post\">\n<div class=\"post-title-container\">\n<h3><a href=\"https:\/\/cheat--sheets.blogspot.com\/2020\/10\/turn-your-fortigate-into-pihole-well.html\">https:\/\/cheat&#8211;sheets.blogspot.com\/2020\/10\/turn-your-fortigate-into-pihole-well.html<\/a><\/h3>\n<\/div>\n<div id=\"post-body-1381588145750297548\" class=\"post-body entry-content float-container\">\n<div>\nSo here&#8217;s the:\u00a0<b>How to use a Fortigate box to block annoying ads in your network<\/b>.<\/p>\n<ul>\n<li>Add external filter lists<\/li>\n<\/ul>\n<ul>\n<li>Set up a DNS filter, block the external filter lists<\/li>\n<\/ul>\n<ul>\n<li>Set up a DNS server on the Fortigate with the DNS filter enabled<\/li>\n<\/ul>\n<h2>How it&#8217;s 
done<\/h2>\n<div>This is all done on a Fortigate firewall with firmware 6.2.5.<\/div>\n<h3>External lists<\/h3>\n<\/div>\n<div>\n<div>First we add the external lists. I currently use 8 lists, which are a mix of advertisers and trackers.<\/div>\n<div><\/div>\n<div>Connect to your box using SSH. At the CLI you can paste this:<\/div>\n<div><\/div>\n<div>\n<div>config system external-resource<\/div>\n<div>\u00a0 \u00a0 edit &quot;Disconnect-Ad-Filter&quot;<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set type domain<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set category 194<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set resource &quot;https:\/\/s3.amazonaws.com\/lists.disconnect.me\/simple_ad.txt&quot;<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set refresh-rate 60<\/div>\n<div>\u00a0 \u00a0 next<\/div>\n<div>\u00a0 \u00a0 edit &quot;AdGuard&quot;<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set type domain<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set category 192<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set resource &quot;https:\/\/v.firebog.net\/hosts\/AdguardDNS.txt&quot;<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set refresh-rate 60<\/div>\n<div>\u00a0 \u00a0 next<\/div>\n<div>\u00a0 \u00a0 edit &quot;Firebog&quot;<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set type domain<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set category 193<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set resource &quot;https:\/\/v.firebog.net\/hosts\/Easylist.txt&quot;<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set refresh-rate 60<\/div>\n<div>\u00a0 \u00a0 next<\/div>\n<div>\u00a0 \u00a0 edit &quot;Firebog-Privacy&quot;<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set type domain<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set category 195<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set resource &quot;https:\/\/v.firebog.net\/hosts\/Easyprivacy.txt&quot;<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set refresh-rate 60<\/div>\n<div>\u00a0 \u00a0 next<\/div>\n<div>\u00a0 \u00a0 edit 
&quot;Fireblog-Admiral&quot;<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set type domain<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set category 196<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set resource &quot;https:\/\/v.firebog.net\/hosts\/Admiral.txt&quot;<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set refresh-rate 60<\/div>\n<div>\u00a0 \u00a0 next<\/div>\n<div>\u00a0 \u00a0 edit &quot;Fireblog-Privacy-2&quot;<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set type domain<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set category 197<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set resource &quot;https:\/\/v.firebog.net\/hosts\/Prigent-Ads.txt&quot;<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set refresh-rate 60<\/div>\n<div>\u00a0 \u00a0 next<\/div>\n<div>\u00a0 \u00a0 edit &quot;OISD&quot;<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set type domain<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set category 198<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set resource &quot;https:\/\/dbl.oisd.nl\/&quot;<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set refresh-rate 60<\/div>\n<div>\u00a0 \u00a0 next<\/div>\n<div>\u00a0 \u00a0 edit &quot;OISD-IP&quot;<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set type address<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set resource &quot;https:\/\/hosts.oisd.nl\/&quot;<\/div>\n<div>\u00a0 \u00a0 \u00a0 \u00a0 set refresh-rate 60<\/div>\n<div>\u00a0 \u00a0 next<\/div>\n<div>end<\/div>\n<\/div>\n<div><\/div>\n<div>config system dns-server<\/div>\n<div>end<\/div>\n<div><\/div>\n<h3>DNS Filter<\/h3>\n<p>Next we add a DNS filter. You can do this under the &#8216;Security Profiles&#8217; tab in the GUI of the Fortigate. Enable the option\u00a0FortiGuard Category Based Filter.<\/p><\/div>\n<div>\nIn the category filter list you can see an entry called &#8216;Remote Categories&#8217;. Open this entry and you will find seven of the external entries we added before. 
Set all of them to &#8216;Redirect to Block Portal&#8217;.<\/div>\n<div>\nAt the bottom of the menu you will find the option\u00a0External IP Block lists. Click the\u00a0<b>+<\/b>\u00a0sign and select the entry &#8216;OISD-IP&#8217;.<\/div>\n<div>\nNow, all eight lists are active in this DNS filter profile.<\/p>\n<\/div>\n<div>\n<h3>Set up a DNS Server<\/h3>\n<p>Setting up a DNS server is most easily done from the CLI (like most things). Paste this code into your CLI to set up the server. Change the dnsfilter-profile to the name of your DNS filter profile.<\/p>\n<\/div>\n<div>config system dns-server<br \/>\n\u00a0 \u00a0 edit &quot;internal&quot;<br \/>\n\u00a0 \u00a0 \u00a0 \u00a0 set mode forward-only<br \/>\n\u00a0 \u00a0 \u00a0 \u00a0 set dnsfilter-profile &quot;Your-DNS-Filter&quot;<br \/>\n\u00a0 \u00a0 next<br \/>\nend<\/p>\n<\/div>\n<div>After setting up your DNS server,\u00a0<b>don&#8217;t forget to publish it to your clients via DHCP.<\/b><\/p>\n<\/div>\n<div>\n<h3>That&#8217;s it<\/h3>\n<p>Now you should notice far fewer ads, both in the web browser and in apps on your mobile.<\/p><\/div>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<div>With these simple steps you can get rid of most ads. 
YouTube ads cannot be blocked this way.<\/div>\n<\/div>\n<div class=\"post-footer container\">\n<div class=\"post-footer-line post-footer-line-1\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/article>\n<\/div>\n<\/div>\n<\/div>\n<p><\/main><\/div>\n<\/div>\n<\/div>\n<footer id=\"footer\" class=\"footer section\">\n<div id=\"Attribution1\" class=\"widget Attribution\" data-version=\"2\">\n<div class=\"widget-content\">\n<div class=\"blogger\"><\/div>\n<\/div>\n<\/div>\n<\/footer>\n<\/div>\n<p>Source: <em><a href=\"https:\/\/cheat--sheets.blogspot.com\/2020\/10\/turn-your-fortigate-into-pihole-well.html\">Turn your Fortigate into a PiHole (well &#8230; kind of)<\/a><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<\/p>\n<p> https:\/\/cheat&#8211;sheets.blogspot.com\/2020\/10\/turn-your-fortigate-into-pihole-well.html So here&#8217;s the: How to use a Fortigate box to block annoying ads in your network.<\/p>\n<p> Add external filter lists Set up a DNS filter, block the external filter lists Set up a DNS server on the Fortigate with the DNS filter enabled How it&#8217;s done This is all done on a 
[&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-607","post","type-post","status-publish","format-standard","hentry","category-uncategorized","odd"],"_links":{"self":[{"href":"https:\/\/brainlessideas.com\/index.php\/wp-json\/wp\/v2\/posts\/607","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/brainlessideas.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/brainlessideas.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/brainlessideas.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/brainlessideas.com\/index.php\/wp-json\/wp\/v2\/comments?post=607"}],"version-history":[{"count":1,"href":"https:\/\/brainlessideas.com\/index.php\/wp-json\/wp\/v2\/posts\/607\/revisions"}],"predecessor-version":[{"id":608,"href":"https:\/\/brainlessideas.com\/index.php\/wp-json\/wp\/v2\/posts\/607\/revisions\/608"}],"wp:attachment":[{"href":"https:\/\/brainlessideas.com\/index.php\/wp-json\/wp\/v2\/media?parent=607"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/brainlessideas.com\/index.php\/wp-json\/wp\/v2\/categories?post=607"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/brainlessideas.com\/index.php\/wp-json\/wp\/v2\/tags?post=607"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}