Description
This article explains how to override a website's FortiGuard-based category rating on the FortiGate so that it can be assigned to a different category. This is useful when a particular website/domain needs to be treated differently without impacting other websites belonging to the same category (for example, whitelisting YouTube while still blocking the Streaming Media and Download category as a whole).
Scope
FortiGate, FortiGuard Category-based Web Filtering.
Solution
Important Note:
Web Rating Overrides can be configured on the FortiGate to override a given domain, but note that these overrides also apply to sub-domains unless a more specific match exists. For example, an Override created for 'example.com' will also affect the categorization of sub-domains like 'test.example.com' and 'vpn.example.com', resulting in all three websites being categorized the same.
This means that wildcard expressions are neither needed nor supported within Web Rating Overrides, since sub-domain matching is handled automatically. On the other hand, if a sub-domain needs to be handled separately from the main domain, then a more specific Web Rating Override must be created that matches the sub-domain(s) in question.
To override the FortiGuard web rating, go to Security Profiles -> Web Rating Overrides.
Select any column heading to choose which columns are displayed or to reset all the columns to the default settings.
Drag column headings to change their order.
The following options are available:
Create New | Create a new web rating override. See: To create a new web rating override. |
Edit | Modify the selected web rating override. See: To edit a web rating override. |
Delete | Remove the selected web rating override. See: To delete an override or overrides. |
Custom Categories | Select to create a custom category for groups of URLs. See: To create a new custom category for a group of web sites |
Search | Enter a search term to search the web rating override list. |
URL | The URL of a web site. |
Override Category | The new category for the web site. |
Original Category | The category that the web site originally belonged to. |
Status | Override is enabled or disabled. |
Web rating overrides can be created, edited, and deleted as required.
To create a new web rating override.
To edit a web rating override.
To delete an override or overrides.
Example Scenario: A customer wants to block the website tiktok.com but allow other websites in the Social Networking category. To accomplish this, a Web Rating Override can be created to assign TikTok to another category (in this example, Adult/Mature Content -> Other Adult Materials was chosen):
At this point, Web Filtering will categorize connections to tiktok.com as belonging to Adult/Mature Content -> Other Adult Materials. That category can be set to the Block action within a given Web Filtering profile, and the profile can then be applied to Firewall Policies on the FortiGate to block user access to the website.
To create a new custom category for a group of web sites:
To use the new category when creating/editing a Web Rating Override, change the Category field to 'Custom Categories'. The new custom categories are listed in the Sub-Category drop-down menu.
Important Note: Once the override is created using a custom category, go to the Web Filter profile and change the action for the new category to one of the following: Allow, Monitor, Block, Warning, or Authenticate. By default, custom categories are set with the Disable action, so any overrides that are based on these custom categories will not take effect until the custom category has an action other than Disable.
Note:
Before v6.4.2 (i.e. 6.4.1, 6.2 and all earlier), Web Rating Overrides would not take effect if the Action for the custom category was set to Allow. In 6.4.2 and later, a new Disable action was added as the new default so that the Allow action worked as expected for custom categories (see also: FortiOS 6.4 New Features - Explicitly enable custom categories [...])
As shown in the example, 'newest.com' belongs to the 'Information and technology' category and is configured to be overridden by the 'business' category, so the business category action must be set as Monitor, Block, Warning, or Authenticate.
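The sub-domain matching rule from the first Important Note and the Disable default for custom categories, modelled as an added Python example (not Fortinet code and not part of the original article). The host names, the 'Custom-VPN' category and the function names are constructed for illustration; leaving the FortiGuard rating in force, rather than falling back to a parent override, when a custom category is at Disable is an assumption of this model.

```python
# Simplified model of the matching rules described on this page; not FortiOS code.
# All host names, categories and actions below are constructed sample data.

def normalize(host):
    """Lower-case the host name and drop surrounding space and a trailing dot."""
    return host.strip().lower().rstrip(".")

def match_override(host, overrides):
    """Return (entry, category) for the most specific override that is equal
    to the host or a parent domain of it, or None if nothing matches."""
    labels = normalize(host).split(".")
    # Walk from the full name to its parents: a.b.c -> b.c -> c.
    # Comparing whole labels keeps 'notexample.com' from matching 'example.com'.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in overrides:
            return candidate, overrides[candidate]
    return None

def effective_category(host, overrides, custom_actions):
    """Return the override category that applies to host, or None when the
    FortiGuard rating stays in force. custom_actions maps each custom category
    to its Web Filter profile action; 'disable' means the override is inert
    (assumption: no fallback to a parent-domain override in that case)."""
    hit = match_override(host, overrides)
    if hit is None:
        return None
    _, category = hit
    if custom_actions.get(category, "").lower() == "disable":
        return None
    return category

def inherited(hosts, overrides):
    """List (host, entry) pairs where a host is recategorized by an override
    written for a parent domain, for review before the override goes live."""
    found = []
    for host in hosts:
        hit = match_override(host, overrides)
        if hit and hit[0] != normalize(host):
            found.append((normalize(host), hit[0]))
    return found

OVERRIDES = {"example.com": "Business", "vpn.example.com": "Custom-VPN"}
CUSTOM_ACTIONS = {"Custom-VPN": "disable"}   # custom category still at its default
HOSTS = ["example.com", "test.example.com", "vpn.example.com", "notexample.com"]

if __name__ == "__main__":
    for h in HOSTS:
        print(h, "->", effective_category(h, OVERRIDES, CUSTOM_ACTIONS))
```

Running inherited() over a list of known host names before creating an override shows which sub-domains will silently pick up the new category.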
If the override login page is not loading properly, check the authentication settings and choose the correct certificate.
config user setting
    set auth-cert Fortinet_Factory <----- This certificate will be used for the override page. Ensure this setting has the correct certificate.
end