We have made a new Policy "Restricted" and blocked "Bandwidth Consuming" and its sub-categories in Web filter. But there are websites which are in its sub-categories aren't blocking. Users can easily access those blocked websites. We have put "blocked rules" policy in the end of ipv4-policy. I have attached screenshots as well. I even blocked it from DNS filter but its still not blocking it.
See this article and also, rules that restrict/filters certain/specific traffic should be placed at the top of the policy table to make sure they do have/take effect and are not overridden by a rule/filter above it which permits the traffic that should be blocked.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.