kjiye
Staff
Article Id 250697
Description: This article explains how URLs in the 'Newly Observed Domain' classification are re-categorized.
Scope: FortiGate 5.6 or above.
Solution

A URL is rated 'Newly Observed Domain' if the domain name does not exist in the database and the URL is observed for the first time by the FDN (FortiGuard Distribution Network) server.

The URL then remains in this category for 30 minutes, during which it is scanned for malicious content.

If no malicious content is found, the category for the URL changes to 'Not Rated'.

These 'Not Rated' domains are then queued for review based on their visit counts.

How long the review takes depends on how popular the 'Unrated' websites are and how long the 'Unrated' queue is.

However, after some time the same domain may be rated 'Newly Observed Domain' (NOD) again, for one of these reasons:

  1. The FDN cache expires and the URL is removed from the cache, so the NOD rating is returned.

    Or:

  2. Because the domain is rarely visited, a query may hit a different FDN server; that server, seeing the URL for the first time, returns the NOD rating.
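To see this behaviour in your own traffic, the following added example (not Fortinet code and not part of the original article) scans web filter logs for hostnames that were rated NOD again after having received a different rating. It assumes key=value log lines carrying `date`, `time`, `subtype`, `hostname` and `catdesc` fields; the sample lines are constructed, and the logs alone cannot tell which of the two reasons applied.

```python
import re
from collections import defaultdict
from datetime import datetime

NOD = "Newly Observed Domain"
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
REQUIRED = {"date", "time", "hostname", "catdesc"}

# Constructed sample lines in key=value form (assumed field names, not real traffic).
SAMPLE_LOG = """\
date=2023-03-01 time=10:00:05 type="utm" subtype="webfilter" hostname="shop.example.test" catdesc="Newly Observed Domain"
date=2023-03-01 time=10:45:10 type="utm" subtype="webfilter" hostname="shop.example.test" catdesc="Not Rated"
date=2023-03-04 time=09:12:00 type="utm" subtype="webfilter" hostname="shop.example.test" catdesc="Newly Observed Domain"
date=2023-03-01 time=11:00:00 type="utm" subtype="webfilter" hostname="news.example.test" catdesc="Newly Observed Domain"
date=2023-03-01 time=11:10:00 type="utm" subtype="webfilter" hostname="news.example.test" catdesc="Newly Observed Domain"
date=2023-03-02 time=08:00:00 type="utm" subtype="webfilter" hostname="news.example.test" catdesc="Not Rated"
"""

def parse_line(line):
    """Turn one key=value log line into a dict (quoted or bare values)."""
    return {k: (q if q else b) for k, q, b in KV.findall(line)}

def rating_history(log_text):
    """Return {hostname: [(timestamp, category), ...]} sorted by time."""
    history = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("subtype") != "webfilter" or not REQUIRED <= rec.keys():
            continue  # skip other log types and incomplete lines
        ts = datetime.strptime(f'{rec["date"]} {rec["time"]}', "%Y-%m-%d %H:%M:%S")
        history[rec["hostname"]].append((ts, rec["catdesc"]))
    for events in history.values():
        events.sort()
    return dict(history)

def nod_reversions(log_text):
    """List (hostname, last_other_rating_time, nod_again_time) per return to NOD."""
    found = []
    for host, events in sorted(rating_history(log_text).items()):
        for (t_prev, c_prev), (t_cur, c_cur) in zip(events, events[1:]):
            if c_prev != NOD and c_cur == NOD:
                found.append((host, t_prev, t_cur))
    return found

if __name__ == "__main__":
    for host, t_prev, t_cur in nod_reversions(SAMPLE_LOG):
        print(f"{host}: rated NOD again at {t_cur} (previous other rating at {t_prev})")
```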


For URL re-categorization requested via the FortiGuard Web Filter Rating Submission, the response time may vary depending on the number of submissions in the queue/priority.


Related document:

Web Filter Classification Rating Request