Hello,   I have a Fortigate 60E on 5.6.3 I have installed the FSSO agent on my DC and connected succesfully to my forti. Created a FSSO Group and all are checked green.   Then i create a webfilter Default. Add this in my firewall rule. Then i create a web profile override with that FSSO Group.. and webfilter profile "blockpornwebsites" The webfilter profiel blocks category "pornography"   When i logged on with my test account "testporn" who is in the selected AD Group and i go to youporn.com then the website did not get blocked. The Firewall user Monitor also sees my FSSO logon.. also the agent logs the logon The Webfilter log, logs that the traffic is blocked, but i reality the site is not blocked Who can help me?

-firewall (override) # show

config webfilter override

 edit 1

 set status enable

 set scope user-group

 set old-profile "default"

 set new-profile "BlockPornoWebsites"

 set expires 2018/02/25 12:44:00

 set initiator ""

 set user-group "fsso Group - Block Porn"

 next

end

-firewall # diag test application ovrd 3

VD Status Initiator Old Profile New Profile Scope Expiry Date 

root enable default BlockPornoWebsites grp:fsso Group - Block Porn Sun Feb 25 12:44:00 2018

Total override entries: 1

Webfilter LogActionActionblockedPolicy18   SecurityLevel Threat LevelhighThreat Score35   Web FilterProfile NameBlock Porno WebsitesRequest TypedirectDirectionoutgoingMethoddomainCategory14Category DescriptionPornographyMessageURL belongs to a denied category in policy

 

--

 

Solved, I made more rules to the internet, within the rules I add a fsso group as sources and specified the correct webfilter. So, no override is used.