Fortigate Web Rating Override Not Working Updated -

He ran diagnose debug flow on the firewall. The logs showed the traffic hitting the correct policy. It matched the URL. It applied the webfilter profile. Then, the magic:

He cracked open a cold coffee from three hours ago and dug into the CLI. That’s when he saw it. A tiny, almost invisible line in the config webfilter profile :

action: accept – reason: static-url-filter fortigate web rating override not working

“Override isn’t broken. Rating is.”

set ovrd-permit – wait, no. That wasn't the issue. He ran diagnose debug flow on the firewall

“No problem, Carla. I’ll check the FortiGate.”

“Marcus… the new sexual harassment training video is stuck. The LMS says ‘Category Blocked: Adult / Sex Education.’” It applied the webfilter profile

Marcus realized the truth. The FortiGuard servers had been unreachable for the past six hours due to a DNS failure on WAN2. When a FortiGate can’t reach FortiGuard, it doesn't just "allow everything" – it falls back to a default action. In his profile, the fallback was set to .