But it wasn’t working.
If you are trying to override a specific URL path (e.g., ://example.com ) rather than just a domain, you must use Deep SSL Inspection . A standard "Certificate-only" profile only sees the domain name and cannot inspect the full URL path or page content.
The specific syntax used in the override determines what it matches. A common mistake is defining the override too specifically or too broadly.
# Enable debug output for web filtering diagnose debug application urlfilter -1 diagnose debug enable fortigate web rating override not working
He logged in. There it was: . The URL was listed with a big green checkmark – “Allow.” The static filter was above the FortiGuard category list. It should have worked.
If you just created the override and tested it immediately, the browser or the FortiGate unit might be holding onto the old "state" of the connection.
If you're still experiencing issues, please provide more details about your configuration, FortiGate version, and the specific problem you're seeing, and I'll do my best to help you troubleshoot. But it wasn’t working
“Override isn’t broken. Rating is.”
The fastest way to force the FortiGate to recognize a new rating is to toggle the web filter cache. Navigate to . Locate the Web Filter Cache setting.
FortiGate firewalls cache rating results to speed up performance. If you recently created an override, the device may still be using the old, cached category. The specific syntax used in the override determines
Marcus sighed. He’d personally whitelisted that exact URL two weeks ago.
When a FortiGate Web Rating Override is not working, it is typically due to one of four root causes: , Protocol/Encryption mismatches , Policy Ordering , or Cache/Connection persistence .