Description: This article describes the recent changes in SDNS and Webfilter lookups and provides tips on checking DNS and Webfilter categories on the FortiGate.
Scope: All FortiOS versions.

SDNS and Webfilter lookups on the FortiGuard website have been updated to provide more granular lookup results based on the FortiOS version of the FortiGate - 7.0+, 5.6+, 5.4 or older.


The lookups are useful when troubleshooting why a specific website is getting blocked or when configuring DNS and Webfilter profiles.


SDNS lookup:




Webfilter lookup:




In general, the DNS and Webfilter categories for a specific website should always be the same for a given FortiOS version.

In case there is a discrepancy, always submit a recategorization request:


In the CLI, check the category numbers with the following command:


# get webfilter categories

<output omitted>
g07 General Interest - Business:
31 Finance and Banking
41 Search Engines and Portals
43 General Organizations
49 Business
50 Information and Computer Security
51 Government and Legal Organizations
52 Information Technology
53 Armed Forces
<output omitted>


After the DNS filter is applied to a forward traffic policy on the FortiGate, check the SDNS cache (the list of saved hostnames and their SDNS categories) with the following CLI command:


# diagnose test application dnsproxy 15

worker idx: 0
SDNS rating cache:, category=25, ttl=10797, category=42, ttl=10796, category=36, ttl=10796, category=30, ttl=10796, category=37, ttl=10796, category=37, ttl=10796, category=52, ttl=10795, category=39, ttl=10795, category=52, ttl=10795
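
When troubleshooting a block, it helps to read the cache with category names instead of numbers. The following Python script is an added example, not part of the original article or any Fortinet tooling: it joins saved output of the two commands above. The hostnames are placeholders and the one-entry-per-line `hostname, category=N, ttl=N` layout is an assumption, since the cache output shown here carries no hostnames.

```python
import re

# Constructed sample: part of `get webfilter categories` output (group g07).
CATEGORIES_OUTPUT = """\
g07 General Interest - Business:
31 Finance and Banking
41 Search Engines and Portals
50 Information and Computer Security
52 Information Technology
"""

# Constructed sample: `diagnose test application dnsproxy 15` output. Hostnames
# are placeholders; the one-entry-per-line layout is an assumption.
CACHE_OUTPUT = """\
worker idx: 0
SDNS rating cache:
portal.example.com, category=41, ttl=10797
bank.example.net, category=31, ttl=10796
it.example.org, category=52, ttl=10795
unknown.example.com, category=25, ttl=10795
"""

GROUP_RE = re.compile(r"^\s*g\d+\s+(.+?):\s*$")
CAT_RE = re.compile(r"^\s*(\d+)\s+(.+?)\s*$")
ENTRY_RE = re.compile(r"^\s*(\S+),\s*category=(\d+),\s*ttl=(\d+)\s*$")

def parse_categories(text):
    """Return {category number: (group name, category name)}."""
    cats, group = {}, None
    for line in text.splitlines():
        if m := GROUP_RE.match(line):
            group = m.group(1)
        elif m := CAT_RE.match(line):
            cats[int(m.group(1))] = (group, m.group(2))
    return cats

def resolve_cache(cache_text, cats):
    """Return [(hostname, category number, category name or None, ttl)]."""
    rows = []
    for line in cache_text.splitlines():
        if m := ENTRY_RE.match(line):
            num = int(m.group(2))
            # A number missing from the parsed list resolves to None.
            rows.append((m.group(1), num, cats.get(num, (None, None))[1], int(m.group(3))))
    return rows

if __name__ == "__main__":
    for host, num, name, ttl in resolve_cache(CACHE_OUTPUT, parse_categories(CATEGORIES_OUTPUT)):
        print(f"{host:22} {num:>3} {name or 'not in parsed category list'} (ttl {ttl})")
```

A category number that resolves to `None` means the saved `get webfilter categories` text was truncated (as with `<output omitted>` above) and should be captured in full.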


For troubleshooting purposes, the SDNS cache can be cleared:


# diagnose test application dnsproxy 16


For more information on checking the Webfilter cache, please refer to the following article: