Created on 01-30-2008 12:00 AM Edited on 01-30-2024 02:05 AM By Kate_M
Article
Description | Fortiguard web filter category lookups performed by a FortiGate show the incorrect category for a web site, but when examining www.fortiguardcenter.com, the rating is appropriate. |
Explanation |
This is expected behavior when the protection profile option "Rate sites by URL and IP address" is selected. That is, when using this option, the IP address rating takes precedence. The rating mismatch can occur for many reasons; most commonly:
From the FortiGate Administration Guide: "When enabled, this option sends both the URL and the IP address of the requested site for checking, providing additional security against attempts to bypass the FortiGuard system. However, because IP rating is not updated as quickly as URL rating, some false ratings may occur. This option is disabled by default." The Fortiguard Center site, accepts requests to re-rate a given IP address, but the problem may arise that another domain hosted at any of the IP addresses listed will now be mis-categorized. With this in mind, Fortinet Americas TAC recommends disabling this option and using local ratings and categories instead. This option requires that a list of local ratings and local categories be compiled and that any protection profile managing web filtering for internal users have this option enabled. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.