Policy based - URL categories does't work

Kubajs · ‎12-17-2023

Hello,
I'm using policy-based mode on FortiGate and I have a problem with URL filtering. I have set up the rules as described here https://docs.fortinet.com/document/fortigate/7.2.0/new-features/472314/allow-web-filter-category-gro... and I have the rule targeting a user group. In the log, I see a deny rule that says the page is Unrated, but on the https://www.fortiguard.com/webfilter site, I can see that the page has a category.

I am sending log:

date=2023-12-16 time=16:33:02 eventtime=1702740782183012282 tz="+0100" logid="0316013056" type="utm" subtype="webfilter" eventtype="ftgd_blk" level="warning" vd="root" policyid=74 poluuid="7b975724-9285-51ee-f073-60f6db8bd24e" policytype="security-policy" sessionid=180151 user="Domain_user" authserver="FSSO_server" srcip=10.1.1.1 srcport=50104 srccountry="Reserved" srcintf="VLAN" srcintfrole="lan" srcuuid="efa45e5a-56d5-51ee-ff05-d73441199146" dstip=85.207.58.49 dstport=443 dstcountry="Czech Republic" dstintf="wan1" dstintfrole="wan" dstuuid="efa45e5a-56d5-51ee-ff05-d73441199146" proto=6 service="HTTPS" hostname="<website URL>" action="blocked" reqtype="direct" url="<website URL>" sentbyte=563 rcvdbyte=1460 direction="outgoing" msg="URL belongs to a denied category in policy" ratemethod="domain" cat=0 catdesc="Unrated"

I am completely lost :(

Can someone help me please?

Thanks

mle2802 · ‎12-18-2023

Hi @Kubajs,
Can you tried this command

config system fortiguard
set webfilter-force-off disable
end

Then close browser and try to browse again to see if the website still being blocked. Also after making the change, use "diag debug rating" to confirm if web filter is enabled.

View solution in original post

lgupta · ‎12-17-2023

Hello Kubajs,

Good day!

As per the logs:

"HTTPS" hostname="<website URL>" action="blocked" reqtype="direct" url="<website URL>" sentbyte=563 rcvdbyte=1460 direction="outgoing" msg="URL belongs to a denied category in policy" ratemethod="domain" cat=0 catdesc="Unrated"

You can use the static URL filter: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-a-static-URL-filter-feature-to-allow...

This way you can bypass that particular website from being inspected.

Thanks

Best regards,

-lgupta

If you feel the above steps helped to resolve the issue mark the reply as solved so that other customers can get it easily while searching on similar scenarios.

Kubajs · ‎12-17-2023

Thank you for your response. I pasted here complete log, but it was marked as spam. I hope that image remains :)

As I wrote, this website https://www.fortiguard.com/webfilter says that my page has a category. But it wasn't problem only for 1 website. All czech website I tried didn't work :(

hbac · ‎12-18-2023

Hi @Kubajs,

Is your FortiGate able to reach FortiGuard servers? What do you see in Web Filter logs?

Regards,

mle2802 · ‎12-18-2023

Hi @Kubajs,

Look like rating error issue. Can you check web filter log and confirm?

Kubajs · ‎12-18-2023

Yes, all websites are logged as Unrated. For exmaple Eset antivir, Adobe,....

mle2802 · ‎12-18-2023

Hi @Kubajs,

Can you try the command "diag debug rating"?

Kubajs · ‎12-18-2023

Interesting, it looks like web-filter service isn't working

Service : Web-filter
Status : Disable

mle2802 · ‎12-18-2023

Hi @Kubajs,

Do you have web-filter license? Can you check under system > fortiguard?

Kubajs · ‎12-18-2023

Yes, I do.