Troubleshooting Tip: Web Rating Override not working

rishab444 · ‎12-23-2024

Description

The article assists in fixing the problem when Web Rating override is used to allow a website but there is no impact or sometimes the impact is very inconsistent.

Scope

FortiGate

Solution

The Web rating override works consistently with an override to the 'Custom' Category.

In the CLI, run the following commands:

exe log filter category 3 <----- Web filter category ID.
exe log filter field srcip 192.48.1.2

exe log display

date=2024-12-22 time=13:54:56 eventtime=1734893696235188233 tz="-0500" logid="0317013312" type="utm" subtype="webfilter" eventtype="ftgd_allow" level="notice" vd="root" policyid=1 poluuid="b5737652-bee5-51ef-068b-5b2ac0dd2b1a" policytype="policy" sessionid=879727 srcip=192.48.1.2 srcport=49486 srccountry="United States" srcintf="port3" srcintfrole="undefined" srcuuid="5465ab26-b41a-51ef-cce7-1754ece7dc2c" dstip=160.153.61.67 dstport=443 dstcountry="United States" dstintf="port1" dstintfrole="undefined" dstuuid="5465ab26-b41a-51ef-cce7-1754ece7dc2c" proto=6 service="HTTPS" hostname="rabudiagnostic.com" profile="Clone of default" action="passthrough" reqtype="direct" url="https://rabudiagnostic.com/" sentbyte=2048 rcvdbyte=0 direction="outgoing" msg="URL belongs to an allowed category in policy" ratemethod="domain" cat=140 catdesc="custom1"

The Web rating override is inconsistent and does not work as well with standard categories for instance under General Interest -> Personal -> Health and Wellness:

Log:

date=2024-12-22 time=13:49:03 eventtime=1734893343179517841 tz="-0500" logid="0316013056" type="utm" subtype="webfilter" eventtype="ftgd_blk" level="warning" vd="root" policyid=1 poluuid="b5737652-bee5-51ef-068b-5b2ac0dd2b1a" policytype="policy" sessionid=876687 srcip=192.48.1.2 srcport=49451 srccountry="United States" srcintf="port3" srcintfrole="undefined" srcuuid="5465ab26-b41a-51ef-cce7-1754ece7dc2c" dstip=160.153.61.67 dstport=443 dstcountry="United States" dstintf="port1" dstintfrole="undefined" dstuuid="5465ab26-b41a-51ef-cce7-1754ece7dc2c" proto=6 service="HTTPS" hostname="rabudiagnostic.com" profile="Clone of default" action="blocked" reqtype="direct" url="https://rabudiagnostic.com/" sentbyte=2160 rcvdbyte=0 direction="outgoing" msg="URL belongs to a denied category in policy" ratemethod="domain" cat=61 catdesc="Phishing" crscore=30 craction=4194304 crlevel="high"

The inconsistency is observed when the Standard category action is set to 'Allow'.
To fix this, change the action on a standard category to 'Monitor'.

Log:

date=2024-12-22 time=13:57:24 eventtime=1734893844393966980 tz="-0500" logid="0317013312" type="utm" subtype="webfilter" eventtype="ftgd_allow" level="notice" vd="root" policyid=1 poluuid="b5737652-bee5-51ef-068b-5b2ac0dd2b1a" policytype="policy" sessionid=881178 srcip=192.48.1.2 srcport=49504 srccountry="United States" srcintf="port3" srcintfrole="undefined" srcuuid="5465ab26-b41a-51ef-cce7-1754ece7dc2c" dstip=160.153.61.67 dstport=443 dstcountry="United States" dstintf="port1" dstintfrole="undefined" dstuuid="5465ab26-b41a-51ef-cce7-1754ece7dc2c" proto=6 service="HTTPS" hostname="rabudiagnostic.com" profile="Clone of default" action="passthrough" reqtype="direct" url="https://rabudiagnostic.com/" sentbyte=2016 rcvdbyte=0 direction="outgoing" msg="URL belongs to an allowed category in policy" ratemethod="domain" cat=33 catdesc="Health and Wellness"

Related article:

Technical Tip: How to narrow down specific logs from CLI of the FortiGate

Troubleshooting Tip: Web Rating Override not working

You are leaving our website