Enforcing safe search features in Access rules

The safe search feature helps schools and other organizations to limit web searches and filter out potentially offensive content from search results. If end users change the safe search settings in the browser, safe search is not disabled.

You can enforce safe search in two ways:

DNS method

When you use the DNS (TCP with SafeSearch) or DNS (UDP with SafeSearch) services, the NGFW Engine redirects searches by changing the DNS response. To see the supported search engines, open the properties of the TCP or UDP service, then click the Protocol Parameters tab. To modify the settings, create a copy of the service, then modify the settings on the Protocol Parameters tab. The supported search engines might be updated when a new dynamic update package is activated.

HTTP request modification method

When you use the HTTP (SafeSearch) or HTTPS (SafeSearch with decryption) services, the NGFW Engine modifies the search request by adding a restriction parameter to the search URL. For safe search enforcement to apply to HTTPS, TLS inspection must be configured, and you must enable decryption in the Access rule for HTTPS traffic. The Microsoft Bing and Yahoo search engines are supported.