For testing I created Web Filter profile, then policy with that profile. I placed this policy on top of other policies.
I can see in log it uses that policy:
Yes, the policy uses deep-inspection. It works the same way when I change to certificate-inspection.
If in that Web Filter profile I change category to "allow" and edit static URL entry "*youtube.com" and change its action to "block", then it work as I expect: it blocks only youtube, not e.g. vimeo.
I know old thread - but in Google on URL static filter it came first, so worth having this answered.
Static URL filter has precedence over Category web filtering only in Block action. In Allow action the URL will still be handed over to the further checks including Category check. The only way to force 'allow' action via URL static filter is to use "Exempt" action which does prevent URL from being checked for category, BUT ... it also exempts this url from any other checks like AV/IPS so use with care.
This is relevant for any FortiOS version and no signs of change.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.