Article Id 193927

Description

FortiGuard web filter category lookups performed by a FortiGate show the incorrect category for a web site, but when the same site is checked at www.fortiguardcenter.com, the rating is appropriate.

Explanation

This is expected behavior when the protection profile option "Rate sites by URL and IP address" is selected. That is, when using this option, the IP address rating takes precedence. The rating mismatch can occur for many reasons; most commonly:

  • the given web site is hosted using the same IP address as other domains (e.g., virtual hosting)
  • a web site changes hosts, and its IP address changes along with it
  • the domain is hosted in a load-balanced fashion, at different sites that host multiple domains

From the FortiGate Administration Guide:

"When enabled, this option sends both the URL and the IP address of the requested site for checking, providing additional security against attempts to bypass the FortiGuard system. However, because IP rating is not updated as quickly as URL rating, some false ratings may occur. This option is disabled by default."

The FortiGuard Center site accepts requests to re-rate a given IP address, but the problem may arise that another domain hosted at any of the IP addresses listed will now be mis-categorized. With this in mind, Fortinet Americas TAC recommends disabling this option and using local ratings and categories instead.

This alternative requires that a list of local ratings and local categories be compiled and that any protection profile managing web filtering for internal users have this option enabled.
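
An added example, not from the Fortinet article: when compiling the local ratings list, this Python script takes an inventory of domains with their URL-based category and resolved IP addresses and reports the domains that share an IP with differently categorized sites, which are the ones an IP-based rating is most likely to misrate. The function names, domains, addresses and category assignments are constructed for illustration and are not FortiGuard data.

```python
from collections import defaultdict

# Constructed sample inventory: domain -> (URL-based category, resolved IPs).
# Domains, categories and addresses are illustrative, not FortiGuard data.
SITES = {
    "intranet-wiki.example": ("Information Technology", {"192.0.2.10"}),
    "casino.example": ("Gambling", {"192.0.2.10"}),
    "news.example": ("News and Media", {"198.51.100.5", "198.51.100.6"}),
    "blog.example": ("Personal Websites", {"198.51.100.6"}),
    "bank.example": ("Finance and Banking", {"203.0.113.7"}),
}


def shared_ip_conflicts(sites):
    """Return {domain: {ip: sorted other categories seen on that ip}}.

    A domain appears only if at least one of its IPs also serves a domain
    with a different URL category, i.e. an IP-level rating could disagree
    with the domain's own URL rating.
    """
    by_ip = defaultdict(dict)  # ip -> {domain: category}
    for domain, (category, ips) in sites.items():
        for ip in ips:
            by_ip[ip][domain] = category

    conflicts = {}
    for domain, (category, ips) in sites.items():
        for ip in sorted(ips):
            others = sorted({c for d, c in by_ip[ip].items()
                             if d != domain and c != category})
            if others:
                conflicts.setdefault(domain, {})[ip] = others
    return conflicts


def local_rating_candidates(sites):
    """Domains to consider for a local rating, with their URL category."""
    return {d: sites[d][0] for d in sorted(shared_ip_conflicts(sites))}


if __name__ == "__main__":
    for domain, per_ip in shared_ip_conflicts(SITES).items():
        for ip, cats in per_ip.items():
            print(f"{domain} ({SITES[domain][0]}) shares {ip} with: {', '.join(cats)}")
```

Load-balanced domains such as the constructed `news.example` are flagged even when only one of their addresses is shared, matching the third cause listed above.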
