Fortinet black logo

Administration Guide

Home FortiGate / FortiOS 7.4.3 Administration Guide
7.4.3
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0

Sub-category actions

Sub-category actions

After configuring category override rules, an override category must be active in a web filter profile for it to take effect. Whether a category is active or not depends on the override method and action:

Override method

Active category actions

Inactive category actions

FortiGuard categories

Monitor, Block, Warning, or Authenticate

Allow

Local categories

Allow, Monitor, Block, Warning, or Authenticate

Disable*

Remote categories

Allow, Monitor, Block, Warning, or Authenticate

Disable*

*The Disable action is only available for local and remote categories by right clicking on the sub-category.

The Allow action in the GUI is different for FortiGuard categories compared to local and remote categories.

For local and remote categories, the Allow action in the GUI corresponds to the monitor action with logging disabled in the CLI:

config webfilter profile
    edit <profile>
        config ftgd-wf
            config filters
                edit 142
                    set category 142
                    set action monitor
                    set log disable
                next
            end
        end
    next
end

For FortiGuard categories, the Allow action in the GUI corresponds to no entry in the CLI:

The Internet Radio and TV sub-category has ID number 75.

config webfilter profile
    edit <profile>
        config ftgd-wf
            config filters
            end
        end
    next
end

This means that a FortiGuard category with the Allow action applied is effectively inactive, as there is no actual action specified in the CLI.

See Category override examples for sample configurations.

Previous
Next

Sub-category actions

After configuring category override rules, an override category must be active in a web filter profile for it to take effect. Whether a category is active or not depends on the override method and action:

Override method

Active category actions

Inactive category actions

FortiGuard categories

Monitor, Block, Warning, or Authenticate

Allow

Local categories

Allow, Monitor, Block, Warning, or Authenticate

Disable*

Remote categories

Allow, Monitor, Block, Warning, or Authenticate

Disable*

*The Disable action is only available for local and remote categories by right clicking on the sub-category.

The Allow action in the GUI is different for FortiGuard categories compared to local and remote categories.

For local and remote categories, the Allow action in the GUI corresponds to the monitor action with logging disabled in the CLI:

config webfilter profile
    edit <profile>
        config ftgd-wf
            config filters
                edit 142
                    set category 142
                    set action monitor
                    set log disable
                next
            end
        end
    next
end

For FortiGuard categories, the Allow action in the GUI corresponds to no entry in the CLI:

The Internet Radio and TV sub-category has ID number 75.

config webfilter profile
    edit <profile>
        config ftgd-wf
            config filters
            end
        end
    next
end

This means that a FortiGuard category with the Allow action applied is effectively inactive, as there is no actual action specified in the CLI.

See Category override examples for sample configurations.

Previous
Next