Web rating overrides

Facebooktwittergoogle_plusredditpinterestlinkedinFacebooktwittergoogle_plusredditpinterestlinkedin

In this recipe, you will change a website’s FortiGuard web rating. For testing purposes, this website (cookbook.fortinet.com) will be changed from the category Information Technology to a custom category named Allowed Sites.

By changing the web rating for a website, you can control access to the site without affecting the rest of the sites in its original category.

This recipe only changes the website’s rating on your FortiGate. To request that the rating is changed for all of FortiGuard, go here.

1. Enabling web filtering

Go to System > Config > Features and make sure that Web Filter is ON. If necessary, Apply your changes.   

2. Creating a custom category and web rating override

Go to Security Profiles > Advanced > Web Rating Overrides and select Custom Categories.

Create a new category named Allowed Sites.

 

Go to Security Profiles > Advanced > Web Rating Overrides and create a new override.

Enter the website’s URL and select Lookup Rating to see the current rating.

In the Override to section, set Category to Custom Categories and Sub-category to Allowed Sites.

 

3. Adding FortiGuard blocking to the default web filter profile

Go to Security Profiles > Web Filter and edit the default profile. Enable FortiGuard Categories.

 

Expand Local Categories to make sure that the Allowed Sites category is set to Allow.

 

Expand General Interest – Business. Right-click on Information Technology to set it to Block.

 

4. Adding the default web filter profile to a security policy

Go to Policy & Objects > Policy > IPv4 and edit the policy that allows connections from the internal network to the Internet.

Under Security Profiles, turn on Web Filter and use the default profile.

 

5. Results

Browse to www.fortinet.com, which is part of the Information Technology category. A message will appear from FortiGuard, stating that access to this website is blocked.  
If you browse to cookbook.fortinet.com, you will still be able to access the site. 

For further reading, check out FortiGuard Web Filtering Service in the FortiOS 5.2 Handbook.

Victoria Martin

Victoria Martin

Technical Writer & Head Cookbook Chef at Fortinet
Victoria Martin works in Ottawa as part of the FortiOS technical documentation team. She graduated with a Bachelor's degree from Mount Allison University, after which she attended Humber College's book publishing program, followed by the more practical technical writing program at Algonquin College. She does need glasses but also likes wearing them, since glasses make you look smarter.
Victoria Martin

Latest posts by Victoria Martin (see all)

  • Was this helpful?
  • Yes   No
An active license for FortiGuard Web Filtering Services is required to use web ratings.
  • Bertrand

    Hi,
    I applmied a web rating override for youtube, I have acces to the website but I can read the video. Any ideas?

  • Gangadhar Naredla

    what is the difference between the static url filter and web rating override..

    • Victoria Martin

      The web rating override is a broader solution, since any changes made to the FortiGuard categories will affect all policies that use web filtering based on those categories, without having to change their configuration.

      A static URL filter is applied directly to the web filter profile, so if you have several policies using different profiles, you would have to edit each profile individually.

  • Harel Shaider

    Hello, I was wondering. Is there a way to lookup the current url rating via CLI and not the UI? furthermore, is there a way to do so using the forti-os restapi ?

    Kind regards

  • Dina Hassan

    Hi, we have fortigate 100 D and the web filter overrides doesn’t appear any catogery, all URL doing the same.

  • Judith Haney

    Hello Riles,
    If you are using FOS 5.4.1 (or higher) and FortiClient 5.4.1 (or higher), you can read the recipe at http://cookbook.fortinet.com/adding-endpoint-control-security-fabric-54/ for tips. Or you could consult our online help: http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-security-profiles-54/SP_whats_new_54.htm

    If you are using earlier versions of FOS or FortiClient, you could try http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-security-profiles-54/FortiClient%20Profiles/Devices_nac.htm

    Hope that helps!

  • nestorjuarezslots

    Hi, i’m having a problem with custom categories (Fortigate_100D), i have changed the web ratings of a list of websites and in some cases it does not work, just like if the override does not exist. I reapply the web rating override and it works again.
    Anybody knows what can be happening?

    • Martin

      I’m have the same issue also on a FGT100D. Did you find a solution?

      • nestorjuarezslots

        Deje de usar custom cateories, por este problema.
        En mi caso, usaba la recategorización de páginas, para dar accesos a ciertas pagina que pertenecían a una categoría bloqueda (sin tener que permitir toda la categoría).
        Para hacer esto, ahora uso el “url filter” para hacer estas excepciones.

        Saludos

      • Victoria Martin

        Hello Martin,

        As I said above, I would suggest contacting Fortinet Support about this issue: http://cookbook.fortinet.com/how-to-work-with-fortinet-support/

    • Victoria Martin

      Hello,

      Sorry for the delayed response. I would suggest you contact Fortinet Support about this issue: http://cookbook.fortinet.com/how-to-work-with-fortinet-support/