Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
rmehta
Staff
Staff

Created on ‎05-23-2025 10:53 AM Edited on ‎08-18-2025 07:43 AM By Moderator

Article Id 393086

Technical Tip: FortiGate Fails to Categorize API Traffic - Diagnosis and Fixes

Description This article describes how to address the 'A rating error occurs' message seen in FortiGate web filtering logs. This indicates that the firewall could not retrieve a valid web category rating from FortiGuard services for certain URLs, which may prevent access depending on the policy.
Scope FortiGate.
Solution
  1. A Rating Error Occurs:

 

This message appears when a FortiGate firewall attempts to perform a web filter rating request via FortiGuard but fails to receive a valid response. This can result from various network or configuration issues.

  • If the firewall cannot reach the correct FortiGuard server or if the response is delayed or invalid, it logs the following: 'A rating error occurs'.
  • The FortiGate attempts to contact FortiGuard's SDNS (Secure DNS) or web filtering rating servers to categorize a URL.

 

Error.png

 

  1. The Following factors are responsible for the occurrence of rating errors:

 

A recent FortiOS upgrade may have changed how FortiGate handles domain categorization and FortiGuard communication.

FortiGuard may have updated or deprecated certain FDS or SDNS IPs, making older/default configurations unreliable.

New URL patterns (e.g., API endpoints with query strings) may now require real-time categorization instead of static lookups.

Changes in DNS infrastructure or ISP policies may now block or delay access to FortiGuard services.

 

Recommendation:

  • Ensure FortiGate has reliable SDNS servers configured:

 

config system fortiguard

set sdns-server-ip 208.91.112.55 208.91.112.5

end

 

  • Check Internet Access to FortiGuard.

Cause:

  • Unreachable FortiGuard Distribution Servers (FDS).
  • Missing or default SDNS configuration.
  • Real-time rating required for some URLs.
  • Regional server latency or ISP-related DNS blocks.

 

Related article:

Technical Tip: Web Page Blocked 'An error occurred while trying to rate the web site using the webfi...
Labels:
281
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.