FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
nithincs
Staff
Staff
Article Id 196830

Description


This article describes how to collect the webfilter cache URLs, URL category rating, and cache TTL for a specific entry.

 

Scope


FortiGate.


Solution

 

  • Use the below command to dump the web filter Cache entries in the FortiGate.

 

dia webfilter fortiguard cache dump

 

The output will provide the cache URL and its rating information.

 

Cache Contents:
-=-=-=-=-=-=-=-
Cache Mode:   TTL
Cache DB Ver: 24.61583

Rating            DB Ver  T URL
00000000|00000000 24.61582 P Dhttps://40.74.108.123/
34000000|34000000 24.61582 E Dhttps://settings-win.data.microsoft.com/
00000000|00000000 24.61581 P Dhttps://172.217.161.10/
34000000|34000000 24.61581 P Dhttps://safebrowsing.googleapis.com/

 

In the above example, the domain settings-win.data.microsoft.com domain (highlighted in green) is in category (Hex) 34, while the IP address of the URL (highlighted in yellow) is in category (Hex) 34.


When we convert Hexadecimal to Decimal, it will be 52 <----- Information Technology.

If in webfilter profile, Rate URLs by domain and IP Address is enabled then both the rating should be in the allowed category, if not website will get blocked.

- To know the TTL of the url entry in the cache, use the below command:

 

# dia webfilter fortiguard cache ttl
TTL List Contents:
-=-=-=-=-=-=-=-=-=-
Cache TTL: 300 <----- By default Cache TTL will be 3600.

TTL        URL
       234 Dhttps://settings-win.data.microsoft.com/
       234 Dhttps://20.44.239.154/

 

- To know the category ID in the FortiGate, use below command:

 

# get webfilter categories

 

- To clear the webfilter cache.

 

# diagnose test application urlfilter 2

 

Caution:

This command is for diagnostic purposes ONLY.
The bigger the cache size is set, the more impact on performance the command has.

 

Alternatively, rebooting the FortiGate will also clear the web cache.