SDNS and Webfilter lookups on the FortiGuard website have been updated to provide more granular lookup results based on the FortiOS version of the FortiGate - 7.0+, 5.6+, 5.4 or older.

The lookups are useful when troubleshooting why a specific website is getting blocked or when configuring DNS and Webfilter profiles.

SDNS lookup: www.fortiguard.com/services/sdns

 Webfilter lookup: www.fortiguard.com/webfilter

In general, DNS and Webfilter categories for a specific website should be always the same for a given FortiOS version.

In case there is a discrepancy, always submit a re-categorization request:

www.fortiguard.com/contactus

In CLI check the category numbers with the following command:

get webfilter categories

<output omitted>
g07 General Interest - Business:
31 Finance and Banking
41 Search Engines and Portals
43 General Organizations
49 Business
50 Information and Computer Security
51 Government and Legal Organizations
52 Information Technology
53 Armed Forces
<output omitted>

After the DNS filter to a forward traffic policy on the FortiGate, check the SDNS cache (list of saved hostnames and their SDNS categories) with the following CLI command:

diagnose test application dnsproxy 15

worker idx: 0
SDNS rating cache:
name=youtube.com, category=25, ttl=10797
name=aliexpress.com, category=42, ttl=10796
name=bbc.co.uk, category=36, ttl=10796
name=www.nationalgeographic.com, category=30, ttl=10796
name=twitter.com, category=37, ttl=10796
name=instagram.com, category=37, ttl=10796
name=www.microsoft.com, category=52, ttl=10795
name=wikipedia.com, category=39, ttl=10795
name=fortinet.com, category=52, ttl=10795
RATING CACHE num=9

For troubleshooting purposes, the SDNS cache can be cleared:

diagnose test application dnsproxy 16

For more information on checking Webfilter cache, see Troubleshooting Tip: Verify the webfilter cache content.