IPS debug can be used to investigate DNS Filter category matching in FortiGate:

```
get webfilter categories
diagnose debug reset
diagnose ips debug enable dns
diagnose ips filter set 'src x.x.x.x'
diagnose debug console timestamp enable
diagnose debug enable
```

After the test, disable debug:

```
diagnose debug disable
```

For debug output 1, the domain 'football365.com' matches category 46 ('Sports') in DNS profile 'default-10297148':

```
2025-02-25 15:07:43 [2265@4544]dissect_query_records: dns request: name football365.com, type 1, class 0x1, size 17
2025-02-25 15:07:43 [2265@4544]ips_eng_log_dnsfilter: sess:1158676 profile:default-10297148 action:0 name:football365.com category:0
2025-02-25 15:07:43 [2265@-1]ips_handle_dnsfilter_fgd_answer: sess:4544, id:1, action:8, resume:1, error:0, category:46, byip:0, log:1 rcode: 0
2025-02-25 15:07:43 [2265@-1]ips_eng_log_dnsfilter: sess:1158676 profile:default-10297148 action:8 name:football365.com category:46 <--
```

```
get webfilter categories
46 Sports <--
```

For debug output 2, the domain 'example.com' matches the local domain filter in the DNS profile 'default-10297148':

```
2025-02-25 15:08:31 [2265@4546]dissect_query_records: dns request: name example.com, type 1, class 0x1, size 13
2025-02-25 15:08:31 [2265@4546]ips_eng_log_dnsfilter: sess:1158831 profile:default-10297148 action:0 name:example.com category:0
2025-02-25 15:08:31 [2265@4546]match_dnsf: matched dns rule dns-udp-0-default-10297148-3200000 (aid:3200000), action:5, log=1
2025-02-25 15:08:31 [2265@4546]set_dns_redirect_message: DNS redirect UDP session 4546 to 208.91.112.55
2025-02-25 15:08:31 [2265@4546]ips_eng_log_dnsfilter: sess:1158831 profile:default-10297148 action:8 name:example.com category:0
2025-02-25 15:08:31 [2265@4546]set_pkt_dnsf_verdict: action=DROP <<==
```

```
config dnsfilter domain-filter
    edit 1
        set name "default-10297148"
        config entries
            edit 1
                set domain "example.com"
                set type simple
                set action block
                set status enable
        end
end
```
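When a capture contains many queries, the same reading of the debug lines can be automated. The following Python parser is an added example, not part of the original article: it reports, per queried name, whether the decision came from a FortiGuard category answer or from a local domain-filter rule. Correlating lines through the `@NNNN` value in the bracket prefix is an assumption inferred from the two samples on this page, and action codes are reported as logged, not interpreted.

```python
import re

# Constructed sample: debug lines taken from the two outputs on this page.
SAMPLE = """\
2025-02-25 15:07:43 [2265@4544]dissect_query_records: dns request: name football365.com, type 1, class 0x1, size 17
2025-02-25 15:07:43 [2265@4544]ips_eng_log_dnsfilter: sess:1158676 profile:default-10297148 action:0 name:football365.com category:0
2025-02-25 15:07:43 [2265@-1]ips_handle_dnsfilter_fgd_answer: sess:4544, id:1, action:8, resume:1, error:0, category:46, byip:0, log:1 rcode: 0
2025-02-25 15:07:43 [2265@-1]ips_eng_log_dnsfilter: sess:1158676 profile:default-10297148 action:8 name:football365.com category:46
2025-02-25 15:08:31 [2265@4546]dissect_query_records: dns request: name example.com, type 1, class 0x1, size 13
2025-02-25 15:08:31 [2265@4546]ips_eng_log_dnsfilter: sess:1158831 profile:default-10297148 action:0 name:example.com category:0
2025-02-25 15:08:31 [2265@4546]match_dnsf: matched dns rule dns-udp-0-default-10297148-3200000 (aid:3200000), action:5, log=1
2025-02-25 15:08:31 [2265@4546]set_dns_redirect_message: DNS redirect UDP session 4546 to 208.91.112.55
2025-02-25 15:08:31 [2265@4546]ips_eng_log_dnsfilter: sess:1158831 profile:default-10297148 action:8 name:example.com category:0
2025-02-25 15:08:31 [2265@4546]set_pkt_dnsf_verdict: action=DROP
"""

# "[pid@ctx]function: rest" prefix, then the fields of ips_eng_log_dnsfilter.
PREFIX = re.compile(r"\[\d+@(-?\d+)\](\w+): (.*)$")
LOG = re.compile(r"sess:(\d+) profile:(\S+) action:(\d+) name:(\S+) category:(\d+)")

def summarize(text):
    """Return {name: info} holding the last logged action/category per queried name."""
    by_ctx, result = {}, {}  # by_ctx maps bracket context (assumed session) -> name
    for line in text.splitlines():
        m = PREFIX.search(line)
        if not m:
            continue
        ctx, func, rest = m.groups()
        if func == "ips_eng_log_dnsfilter" and (f := LOG.search(rest)):
            _sess, profile, action, name, cat = f.groups()
            entry = result.setdefault(
                name, {"profile": profile, "source": "none", "verdict": None})
            entry.update(action=int(action), category=int(cat))
            if int(cat):  # non-zero category: rating came back from FortiGuard
                entry["source"] = "fortiguard-category"
            if ctx != "-1":
                by_ctx[ctx] = name
        elif func == "match_dnsf" and ctx in by_ctx:
            result[by_ctx[ctx]]["source"] = "local-domain-filter"
        elif func == "set_pkt_dnsf_verdict" and ctx in by_ctx:
            result[by_ctx[ctx]]["verdict"] = rest.split("=", 1)[1].split()[0]
    return result

if __name__ == "__main__":
    for name, info in summarize(SAMPLE).items():
        print(name, info)
```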