FortiGate
ppatel
Staff
Article Id 199845
Description

This article describes the behavior of the 'action' value in a web filter profile for locally created categories.

Scope

 

Solution

When a local category is created as follows: 

 

config webfilter ftgd-local-cat
    edit "custom1"
        set id 140
    next
end
 
 

It can be applied with different actions in the web filter profile: 

 

config webfilter profile
    edit "teeest"
        config ftgd-wf
            config filters
                edit 1
                    set category 140
                next
            end
        end
    next
end
 
 
The category can have different 'action' values as follows.

Pay attention to the 'allow' action, which behaves differently than it does for regular FortiGuard categories:

 

'Block' → Self-explanatory: blocks all URLs under this category.

 

'Authenticate' → Only available in proxy mode. Requires client authentication in order to allow access to the category.

 

'Warning' → Displays a warning page with a 'proceed' button. Note that a 'block' action is recorded in the logs when the warning page is shown.

 

'Allow' → For local categories, 'allow' means that the local category is allowed, but the URL's default FortiGuard category is then applied and the action is taken based on that FortiGuard category.

 

'Monitor' → Allows the local category without further checking the FortiGuard category, and also creates a log.

 

In summary, for a local category to fully bypass the original FortiGuard category, the 'monitor' action has to be used.
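
The difference between 'allow' and 'monitor' described above, as a simplified Python model (an added example, not Fortinet code). The hostnames, the FortiGuard ratings assigned to them, the function names, and the treatment of categories without a filter entry as allowed are assumptions made for illustration.

```python
# Simplified model of the action behaviour described in this article.
# Not FortiOS code; all sample data below is constructed.

def apply(action):
    """Map a profile action to what the client experiences."""
    # 'monitor' lets the request through (and logs it); the rest are as named.
    return "allow" if action == "monitor" else action

def evaluate(url, local_urls, local_action, fgd_rating, fgd_actions):
    """Return (verdict, decided_by) for one URL.

    local_urls:   URLs placed in the local category (id 140 in the article)
    local_action: action set for that local category in the profile
    fgd_rating:   URL -> FortiGuard category
    fgd_actions:  FortiGuard category -> action in the same profile
    """
    # Any local action except 'allow' is final for URLs in the local category.
    if url in local_urls and local_action != "allow":
        return apply(local_action), "local category"
    # 'allow' on a local category falls through to the FortiGuard category.
    category = fgd_rating.get(url, "unrated")
    # Assumption: a category with no filter entry in the profile is allowed.
    return apply(fgd_actions.get(category, "allow")), "FortiGuard: " + category

def ineffective_overrides(local_urls, local_action, fgd_rating, fgd_actions):
    """URLs in the local category that users still cannot reach directly."""
    return sorted(
        u for u in local_urls
        if evaluate(u, local_urls, local_action, fgd_rating, fgd_actions)[0] != "allow"
    )

# Constructed sample data.
LOCAL_URLS = {"tools.example", "wiki.example"}
FGD_RATING = {"tools.example": "Proxy Avoidance", "wiki.example": "Reference"}
FGD_ACTIONS = {"Proxy Avoidance": "block", "Reference": "monitor"}

if __name__ == "__main__":
    for action in ("allow", "monitor"):
        print("local action:", action)
        for url in sorted(LOCAL_URLS):
            print("  ", url, evaluate(url, LOCAL_URLS, action, FGD_RATING, FGD_ACTIONS))
        print("   not bypassed:",
              ineffective_overrides(LOCAL_URLS, action, FGD_RATING, FGD_ACTIONS))
```
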
