Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
theFWdude
New Contributor

FortiGates miss-categorizing FortiGuard URLS

So, I have at least 3 FortiGates (5.6.x) in my environment where they are miss-categorizing URLs as "Phishing" even though FortiGuard says they "Government and Legal Organizations".  Manual overrides can be created and do work; sites are also categorized as "Government and Legal Org" in the Original Category column; it's like my FortiGates are not accepting FortiGuard's categories for some reason or another.

 

 

[Support Ticket Number: 2931401]

-TFWD

-TFWD
3 Solutions
Dave_Hall
Honored Contributor

Hi Camron.  Just to be on the safe side, have you confirmed/clarified the FQDN for cityofclarksville.com resolves to the correct IP(s)?  Using KLOTHNS Lookup, I am showing 208.88.169.210 for IP.  Punching this IP into the Web Filter Lookup shows it was at one time listed as a Phishing site, but as of today is now listed as Government and Legal Organizations.

 

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

View solution in original post

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
emnoc
Esteemed Contributor III

Make sure your FGT is updated and  can connect to the fortiguard

 

 cityofclarksville.com is listed as 

Category: Government and Legal Organizations

 

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
emnoc
Esteemed Contributor III

Just keep in mind that your URL updatebased id are always changing and you might not be in sync with the  fortiguard and the  FortiOS version on   FTNT  site seens to show different categorization for the same websites .

 

You will see this mainly on new domains  registered.

 

Ken Felix

 

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
5 REPLIES 5
Dave_Hall
Honored Contributor

Hi Camron.  Just to be on the safe side, have you confirmed/clarified the FQDN for cityofclarksville.com resolves to the correct IP(s)?  Using KLOTHNS Lookup, I am showing 208.88.169.210 for IP.  Punching this IP into the Web Filter Lookup shows it was at one time listed as a Phishing site, but as of today is now listed as Government and Legal Organizations.

 

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
tanr
Valued Contributor II

What was the timeframe you saw the issue?  I saw a few webfilter blocks occur about 12 hours back that were on URLs that now show their categories as Business > IT.  Maybe Fortinet had some issues updating their backend databases.

emnoc
Esteemed Contributor III

Make sure your FGT is updated and  can connect to the fortiguard

 

 cityofclarksville.com is listed as 

Category: Government and Legal Organizations

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
theFWdude

Ok, so quick up date, Dave you nailed it.  Support got back with me and provided that the IP had been categorized as Phishing, FortiGuad updated the IP information and it's working now.  I should've verified the IP as well, that's my bad.

 

emnoc, spot on.  Just to confirm I went and double checked all my FGTs were up to date and able to communicate with FortiGaurd.  

 

 

 

-TFWD

-TFWD
emnoc
Esteemed Contributor III

Just keep in mind that your URL updatebased id are always changing and you might not be in sync with the  fortiguard and the  FortiOS version on   FTNT  site seens to show different categorization for the same websites .

 

You will see this mainly on new domains  registered.

 

Ken Felix

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Labels
Top Kudoed Authors