nithincs
Staff & Editor
Article Id 196830

Description


This article describes how to collect the webfilter cache URLs, URL category rating, and cache TTL for a specific entry.

 

Scope


FortiGate.


Solution

 

  • Use the following command to dump the web filter cache entries on the FortiGate.

 

Caution:

This command is for diagnostic purposes only. The larger the configured cache size, the greater the performance impact of running the command.

 

diagnose webfilter fortiguard cache dump

 

The output shows each cached URL and its rating information. If the web filter processing the lookup has 'Rate URLs by domain and IP Address' enabled, both the domain and an IP address may be displayed.

 

Cache Contents:
-=-=-=-=-=-=-=-
Cache Mode:   TTL
Cache DB Ver: 24.61583

Rating            DB Ver  T URL
00000000|00000000 24.61582 P Dhttps://40.74.108.123/
34000000|34000000 24.61582 E Dhttps://settings-win.data.microsoft.com/
00000000|00000000 24.61581 P Dhttps://172.217.161.10/
34000000|34000000 24.61581 P Dhttps://safebrowsing.googleapis.com/

 

In the above example, the domain of the URL 'settings-win.data.microsoft.com' is in category 0x34, while the IP address 40.74.108.123 is in category 0x0.

 

  • Converting the hexadecimal value 0x34 to decimal gives category 52 <----- Information Technology.
  • The hexadecimal value 0x0 is equivalent to decimal 00 <----- Unrated.

If the web filter profile has 'Rate URLs by domain and IP Address' enabled and the IP address and domain have different category results, the hardcoded weight of the categories is compared to determine the final category verdict. In most cases, it is recommended to disable 'Rate URLs by domain and IP address'. See the KB article 'Technical Tip: URL blocked by Web Filter because of different rating of URL and IP address'.

 

To filter the 'webfilter fortiguard cache dump', follow the syntax below and press 'Y' to display the output:

 

diagnose webfilter fortiguard cache dump | grep -i microsoft -B 1

00000000|00000000 24.61582 P Dhttps://40.74.108.123/
34000000|34000000 24.61582 E Dhttps://settings-win.data.microsoft.com/

 

  • To check the TTL of a URL entry in the cache, use the following command:

 

diagnose webfilter fortiguard cache ttl
TTL List Contents:
-=-=-=-=-=-=-=-=-=-
Cache TTL: 300 <----- By default, the Cache TTL will be 3600.

TTL        URL
       234 Dhttps://settings-win.data.microsoft.com/
       234 Dhttps://20.44.239.154/

 

  • To look up the category IDs on the FortiGate, use the following command:

 

get webfilter categories
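
For offline review of saved CLI output, the following added example (not Fortinet's code) parses the cache dump and TTL list shown above, converts the rating to the decimal category ID that 'get webfilter categories' lists, and joins each entry with its TTL. It assumes, based on the article's 0x34 example, that the first two hex digits of the rating field are the category; the function names and dictionary keys are illustrative.

```python
import ipaddress
import re

# Sample lines copied from the article's example output above.
CACHE_DUMP = """\
Rating            DB Ver  T URL
00000000|00000000 24.61582 P Dhttps://40.74.108.123/
34000000|34000000 24.61582 E Dhttps://settings-win.data.microsoft.com/
00000000|00000000 24.61581 P Dhttps://172.217.161.10/
34000000|34000000 24.61581 P Dhttps://safebrowsing.googleapis.com/
"""
TTL_DUMP = """\
TTL        URL
       234 Dhttps://settings-win.data.microsoft.com/
       234 Dhttps://20.44.239.154/
"""

ENTRY = re.compile(r"^([0-9a-fA-F]{8})\|[0-9a-fA-F]{8}\s+(\S+)\s+(\S)\s+(\S+)$")
TTL_ENTRY = re.compile(r"^\s*(\d+)\s+(\S+)$")
HOST = re.compile(r"https?://([^/]+)")

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def parse_ttl(text):
    """Map each URL token in the TTL list to its TTL value."""
    matches = map(TTL_ENTRY.match, text.splitlines())
    return {m.group(2): int(m.group(1)) for m in matches if m}

def parse_cache(dump, ttl_dump=""):
    """Return one dict per cache entry, joined with its TTL when listed."""
    ttls = parse_ttl(ttl_dump)
    entries = []
    for line in dump.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, separator or blank line
        rating, db_ver, flag, url = m.groups()
        h = HOST.search(url)
        host = h.group(1) if h else url
        # Assumption from the article's example: leading byte = category ID.
        entries.append({"host": host, "is_ip": is_ip(host),
                        "category": int(rating[:2], 16), "db_ver": db_ver,
                        "type": flag, "ttl": ttls.get(url)})
    return entries
```

Entries whose 'ttl' is None were present in the cache dump but not in the TTL list that was captured.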

 

  • To clear the web filter cache, use the following command:

 

diagnose test application urlfilter 2

 

Alternatively, rebooting the FortiGate will also clear the web cache.