|Description||This article aims to describe the recent changes in SDNS and Webfilter lookups, and also provide some tips on checking DNS and Webfilter categories on the FortiGate.|
|Scope||All FortiOS versions.|
SDNS and Webfilter lookups on the FortiGuard website have been updated to provide more granular lookup results based on the FortiOS version of the FortiGate - 7.0+, 5.6+, 5.4 or older.
The lookups are useful when troubleshooting why a specific website is getting blocked or when configuring DNS and Webfilter profiles.
SDNS lookup: www.fortiguard.com/services/sdns
Webfilter lookup: www.fortiguard.com/webfilter
In general, DNS and Webfilter categories for a specific website should be always the same for a given FortiOS version.
In case there is a discrepancy, always submit a recategorization request:
In CLI check the category numbers with the following command:
#get webfilter categories
After the DNS filter to a forward traffic policy on the FortiGate, check the SDNS cache (list of saved hostnames and their SDNS categories) with the following CLI command:
# diagnose test application dnsproxy 15
worker idx: 0
For troubleshooting purposes, the SDNS cache can be cleared:
# diagnose test application dnsproxy 16
For more information on checking Webfilter cache please refer to the following article: