This article describes how to save changes on the Webfilter Fortiguard Categories on v7.2.8.
Table of Contents
Scope
Fortigate v7.2.8.
Solution
When changing some FortiGuard categories on the device to alter the action on a category, it reverts to ‘Allow’ and does not seem to accept the changes. It is not possible to configure ‘potentially liable’ categories such as drug abuse, hacking, illegal or unethical, etc.
When checking the web filter profile after saving the changes to the action, the changes did not take effect and reverted to their initial status.
This behavior is related to a known bug (1013866) on v7.2.8.
Workaround
Step 1: Create an entry for FortiGuard Categories that are impossible to change or action. Here is the list of categories and their corresponding numbers FortiGuard web filter categories
Here is a sample of how to edit the category action on CLI. In this example, the action is changed for category 3—hacking.
config webfilter profile (profile) # edit default (default) # config ftgd-wf (ftgd-wf) # config filters (filters) # edit 0 (0) # set category 3 (0) # set action block (0) # end (ftgd-wf) # end (default) # end
Step 2: Check the web filter profile. The action change in the FortiGuard category has been successfully changed.
This bug has been fixed in v7.4.4. Changing action on the web filter Fortiguard category is also working as expected on v7.2.7.