FortiGate
parteeksharma
Article Id 353584
Description This article describes how to use the 'Exempt' option in the Web Filter URL filter to control scanning. Once the Exempt action is enabled for a URL in the URL filter, traffic to that URL bypasses all other scanning, such as antivirus and DLP. A CLI-only option controls which scans are exempted and which still apply.
Scope FortiGate.
Solution

The 'Exempt' action for a URL defined in the URL filter permits the traffic to pass through the firewall without any further scanning. There is no match against FortiGuard web filters (FortiGuard categories), the Web Content Filter, and so on. However, there might be a need to scan the traffic further and take action.

There is a CLI option to control which scans are exempted and which still apply to the traffic. The following values are available for 'set exempt' under a URL filter entry:

av                     AntiVirus scanning.
web-content            Web filter content matching.
activex-java-cookie    ActiveX, Java, and cookie filtering.
dlp                    DLP scanning.
fortiguard             FortiGuard web filtering.
range-block            Range block feature.
pass                   Pass single connection from all.
antiphish              AntiPhish credential checking.
all                    Exempt from all security profiles.

This feature helps when traffic to a URL must still be scanned after the Exempt action has been applied. In that case, set the options above on the entry in a static URL filter. This configuration is available through the CLI only.

config webfilter urlfilter
    edit 1
        set name "Exempt"
        config entries
            edit 1
                set url "*.eicar.org*"
                set type wildcard
                set action exempt
                set exempt web-content fortiguard
            next
        end
    next
end

With 'set exempt web-content fortiguard', the URL skips only web filter content matching and FortiGuard web filtering; the other scans in the list above still inspect the traffic.
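
An added example (not part of the original article and not Fortinet code): a Python audit that reads a 'config webfilter urlfilter' section from a configuration backup and lists, for each entry with the exempt action, which scans it skips and which still run. The sample configuration, the example.com URLs and the function name are constructed; treating an entry with no 'set exempt' line as skipping every scan is an assumption based on the article's description.

```python
# Scan names copied from the article's option list ("all" covers every one).
SCANS = "av web-content activex-java-cookie dlp fortiguard range-block pass antiphish".split()
# Constructed sample backup: the article's entry plus two hypothetical ones.
SAMPLE = """config webfilter urlfilter
    edit 1
        set name "Exempt"
        config entries
            edit 1
                set url "*.eicar.org*"
                set type wildcard
                set action exempt
                set exempt web-content fortiguard
            next
            edit 2
                set url "updates.example.com"
                set action exempt
            next
            edit 3
                set url "blocked.example.com"
                set action block
            next
        end
    next
end"""

def audit_exempt_entries(config_text):
    """Return (filter, url, skipped, still_scanned) for each 'exempt' URL entry."""
    findings, stack, name, entry = [], [], "", None
    for line in config_text.splitlines():
        tok = [t.strip('"') for t in line.split()] or [""]
        in_entries = stack == ["webfilter urlfilter", "entries"]
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end" and stack:
            stack.pop()
        elif tok[0] == "edit" and in_entries:
            entry = {}
        elif tok[0] == "set" and in_entries and entry is not None:
            entry[tok[1]] = tok[2:]
        elif tok[:2] == ["set", "name"] and stack == ["webfilter urlfilter"]:
            name = " ".join(tok[2:])
        elif tok[0] == "next" and in_entries and entry is not None:
            if entry.get("action") == ["exempt"]:
                skipped = entry.get("exempt", ["all"])  # assumed: unset = skip all
                skipped = list(SCANS) if "all" in skipped else skipped
                kept = [s for s in SCANS if s not in skipped]
                findings.append((name, entry["url"][0], skipped, kept))
            entry = None
    return findings
```

Calling audit_exempt_entries(SAMPLE) returns two findings; an empty still_scanned list marks an entry that no security profile inspects, which is the case worth reviewing first.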