So, I have at least 3 FortiGates (5.6.x) in my environment where they are miss-categorizing URLs as "Phishing" even though FortiGuard says they "Government and Legal Organizations". Manual overrides can be created and do work; sites are also categorized as "Government and Legal Org" in the Original Category column; it's like my FortiGates are not accepting FortiGuard's categories for some reason or another.
[Support Ticket Number: 2931401]
-TFWD
Solved! Go to Solution.
Hi Camron. Just to be on the safe side, have you confirmed/clarified the FQDN for cityofclarksville.com resolves to the correct IP(s)? Using KLOTHNS Lookup, I am showing 208.88.169.210 for IP. Punching this IP into the Web Filter Lookup shows it was at one time listed as a Phishing site, but as of today is now listed as Government and Legal Organizations.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Make sure your FGT is updated and can connect to the fortiguard
cityofclarksville.com is listed as
Category: Government and Legal Organizations
PCNSE
NSE
StrongSwan
Just keep in mind that your URL updatebased id are always changing and you might not be in sync with the fortiguard and the FortiOS version on FTNT site seens to show different categorization for the same websites .
You will see this mainly on new domains registered.
Ken Felix
PCNSE
NSE
StrongSwan
Hi Camron. Just to be on the safe side, have you confirmed/clarified the FQDN for cityofclarksville.com resolves to the correct IP(s)? Using KLOTHNS Lookup, I am showing 208.88.169.210 for IP. Punching this IP into the Web Filter Lookup shows it was at one time listed as a Phishing site, but as of today is now listed as Government and Legal Organizations.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
What was the timeframe you saw the issue? I saw a few webfilter blocks occur about 12 hours back that were on URLs that now show their categories as Business > IT. Maybe Fortinet had some issues updating their backend databases.
Make sure your FGT is updated and can connect to the fortiguard
cityofclarksville.com is listed as
Category: Government and Legal Organizations
PCNSE
NSE
StrongSwan
Ok, so quick up date, Dave you nailed it. Support got back with me and provided that the IP had been categorized as Phishing, FortiGuad updated the IP information and it's working now. I should've verified the IP as well, that's my bad.
emnoc, spot on. Just to confirm I went and double checked all my FGTs were up to date and able to communicate with FortiGaurd.
-TFWD
Just keep in mind that your URL updatebased id are always changing and you might not be in sync with the fortiguard and the FortiOS version on FTNT site seens to show different categorization for the same websites .
You will see this mainly on new domains registered.
Ken Felix
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1736 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.