FortiGates miss-categorizing FortiGuard URLS

Forum|Forum|7 years ago
September 28, 2018
1 reply
7535 views

So, I have at least 3 FortiGates (5.6.x) in my environment where they are miss-categorizing URLs as "Phishing" even though FortiGuard says they "Government and Legal Organizations". Manual overrides can be created and do work; sites are also categorized as "Government and Legal Org" in the Original Category column; it's like my FortiGates are not accepting FortiGuard's categories for some reason or another.

[Support Ticket Number: 2931401]

20180926_TAC_Case_2931401_03.jpg

Best answer by emnoc

Make sure your FGT is updated and can connect to the fortiguard

cityofclarksville.com is listed as

Category: Government and Legal Organizations

Dave_Hall

New Member

Hi Camron. Just to be on the safe side, have you confirmed/clarified the FQDN for cityofclarksville.com resolves to the correct IP(s)? Using KLOTHNS Lookup, I am showing 208.88.169.210 for IP. Punching this IP into the Web Filter Lookup shows it was at one time listed as a Phishing site, but as of today is now listed as Government and Legal Organizations.

IP-phshing-208_88_169_210.jpg

tanr

New Member

What was the timeframe you saw the issue? I saw a few webfilter blocks occur about 12 hours back that were on URLs that now show their categories as Business > IT. Maybe Fortinet had some issues updating their backend databases.

emnocAnswer

New Member

Make sure your FGT is updated and can connect to the fortiguard

cityofclarksville.com is listed as

Category: Government and Legal Organizations

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded