Vedaant
Staff
Article Id 276489
Description
This article describes how to authenticate users/user groups for blocked categories using web rating override. It can be configured as flow or proxy-based.
Scope
FortiGate.
Solution

Create a web-filter profile, and block the category in the FortiGuard category-based filter.

Go to Security Profiles -> Web Filter and select Create New.

Create another web-filter category for users to override the blocked category using another web-filter profile.

To let a user/user group override the blocked category, enable the option that allows users to override blocked categories and add the other web filter profile.

Create a web rating override. Categories and sub-categories can be checked using the Look up rating option. The overrides in Custom Category point to the other web-filter profile that has been created (web-filter 2).

Add the user/user group to 'authenticate' in the custom category.

To use the web filter profile in a security policy in the GUI:

  1. Go to Policy & Objects -> Security Policy and select Create New.

  2. Enter a name for the policy, and configure the remaining settings as required.

  3. Under Security Profiles, enable Web Filter and select the web filter.

Now, when a user in the user group tries to access a website that falls under the blocked category, the web rating override applies for that user group and the user needs to authenticate using credentials.

After authenticating, the user will be able to access the blocked website.


To display user override entries, run the following CLI command. Note that this command is for diagnostic purposes ONLY and it could affect the performance of override features:

diagnose webfilter fortiguard override all-user-override