Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
norton
New Contributor

Deleting Custom Categories in Web Filter

Hi all, I would like to clean up Custom Categories created in Rating Overrides Section. In CLI I enter ' config webfilter ftgd-local-cat' and then ' purge' command, but every time I get error: Local Category ID is used by protection profile WEB_FILTER_NAME. I checked WEB_FILTER_NAME and try all options (Allow, Block, Disable...) to this Category, but always errors appears, when I try to remove this Category. Thanks for help. Best regards, Michał S.
4 REPLIES 4
AtiT
Valued Contributor

Hi, I tried to remove this category and I got a message: THP_LAB # config webfilter ftgd-local-cat THP_LAB (ftgd-local-cat) # show config webfilter ftgd-local-cat edit " custom1" set id 140 next edit " custom2" set id 141 next end THP_LAB (ftgd-local-cat) # purge This operation will clear all table! Do you want to continue? (y/n)y Local Category 141 is used by protection profile WF Local Category 140 is used by protection profile WF THP_LAB (ftgd-local-cat) # Then I set the local category to ALLOW in the webfilter profile and it worked: THP_LAB (ftgd-local-cat) # purge This operation will clear all table! Do you want to continue? (y/n)y THP_LAB (ftgd-local-cat) # THP_LAB (ftgd-local-cat) # show THP_LAB (ftgd-local-cat) # Note: I had nothing in the local categories - it may be also the reason that it worked. Probably you have to set the local category to ALLOW in all the webfilter profiles. Fortigate-80C v5.0.5

AtiT

AtiT
norton
New Contributor

Thanks for reply. First I have problems with removing 7 local categories. I tried to remove them in many ways and after setting in all Webfilter Profiles ALLOW to all local category 3 local categories were removed. But there are still 4 categories which I can' t remove thought they are ALLOWED in Web Filter Profiles. Custom1 and custom2 - default local categories I removed without any problems - 4 categories left. We have 2 ForitGate 621B, (v.5.0.5.) working in HA.
obrienw
New Contributor

I had the same problem on v4MR3 after so many upgrades and patches. The following allowed me to " clear" the used categories from the profile. In the CLI: config webfilter ftgd-local-cat show [record the offending category id number] end config webfilter profile edit " Profile Name" config ftgd-wf show [press q at the first --More-- to get the command prompt back] [look for the line that starts with ' set enable' and copy that to a text editor. If there is a ' set disable' line after it, copy that as well. Scan the ' set enable' line and remove the category id number of the local category you want to remove.] unset enable [copy and paste the modified ' set enable' line and press Enter] [copy and paste the ' set disable' line if there was one and press Enter] end end [or ' next' if you have more profiles to work on] After you do this for all the Web Filter profiles that reference the category, you should be able to remove it.
808Lego
New Contributor

Old Topic but suddenly became relevant to me because of legacy actions from previous admins here.  I found the CLI listed from obrienw to be not compltely helpful because it seems to be missing some steps to a non CLI person trying to cleanly duplicate the instructions. 

 

After muddling through some realities on the Fortigate and how its dependencies work in the GUI - Think Addresses or Services and how they are tied into Firewall Rules and Reference Quantities - I realized I needed to remove those references in the Web Filter profiles themselves before they could be deleted.

  

FortiOS 7.2.7

Go into each Web Filter Profile in your Fortigate and find the offending custom category in the middle of screen manipulation window - Right click on it - hit Disable.  For whatever design reason choice from Fortinet they don't visually show this option - Feature request please if someone is paying attention... 

 

Do this for each Web Filter Profile you have - I had 7...  Once done go down the Gui Tree on the left side - Security Profiles - Web Rating Overrides.  Along the bar in the manipulation window there should be +Create New, Edit, Delete, Status, "gears" Custom Categories - Click this last one.  You should now see the custom categories group names.   If the "Number of Web Filter Profile References" says zero then you should now be able to delete the Custom group.  You can also edit names in here if you regret your initial name choice or someone put something here that doesn't make sense or changed with the times.  

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors