Troubleshooting Tip: Web Rating Override is not ta...

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 379617

Description

This article describes how to fix if the web rating override on a Web Filter profile is broken with the configured action after an upgrade to v7.2.11, v7.4.6, v7.4.7, v7.6.1, and v7.6.2.

Scope

FortiGate v7.2.11, v7.4.6, v7.4.7, v7.6.1, v7.6.2.

Solution

Custom Category:

2025-03-03 08 53 33.png

Web Filter Profile:

2025-03-03 08 50 54.png

2025-03-03 08 55 34.png

Firewall Policy:

2025-03-03 08 52 32.png

When accessing the website (doh.dns.apple.com), the FortiGuard Block Page is encountered. The website category should be 'Allowed_Custom'.

2025-03-03 08 56 12.png

Workaround:

Configure a dummy Custom Category and Web Rating Override/Local Rating. Copy and paste the command below on the CLI.

It will still work after it is deleted. Alternatively, delete and re-add one of the existing web rating categories and ratings. If the FortiGate was rebooted, apply the workaround again.

config webfilter ftgd-local-cat
edit "dummy-cat"
set id 190
next
end

config webfilter ftgd-local-rating
edit "dummy.local"
set rating 190
next
end

config webfilter ftgd-local-rating
delete "dummy.local"
end

config webfilter ftgd-local-cat
delete "dummy-cat"
end

The website is accessible:

2025-03-03 09 01 08.png

It has been confirmed that this issue will be resolved in v7.6.3 and v7.4.8.

4318

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Troubleshooting Tip: Web Rating Override is not taking effect after upgrading to v7.2.11, v7.4.6 ,v7.4.7, v7.6.1 ,and v7.6.2

Description

Scope

Solution

You are leaving our website