Enforcing safe search features in Access rules

The safe search feature helps schools and other organizations to limit web searches and filter out potentially offensive content from search results. If end users change the safe search settings in the browser, safe search is not disabled.

Note: To use the safe search feature, an Inspection Policy must be selected on the Inspection tab of the Firewall Policy. If No Inspection Policy is selected, the safe search feature does not work.

You can enforce safe search in two ways:

DNS method

When you use the DNS (TCP with SafeSearch) or DNS (UDP with SafeSearch) services, the NGFW Engine redirects searches by changing the DNS response. You can see the supported search engines on the Protocol Parameters tab in the properties of the Service element. The supported search engines might be updated when a new dynamic update package is activated.

Note: The DNS method is not compatible with the DNS relay feature.

HTTP request modification method

When you use the HTTP (SafeSearch) or HTTPS (SafeSearch with decryption) services, the NGFW Engine modifies the search request by adding a restriction parameter to the search URL. For safe search enforcement to apply to HTTPS, TLS inspection must be configured, and you must enable decryption in the Access rule for HTTPS traffic. The Microsoft Bing and Yahoo search engines are supported.