Marcus realized the truth. The FortiGuard servers had been unreachable for the past six hours due to a DNS failure on WAN2. When a FortiGate can’t reach FortiGuard, it doesn't just "allow everything" – it falls back to a default action. In his profile, the fallback was set to .
And the override? Overrides only work when the FortiGuard rating is successful . If the rating fails, the override is never even checked. The firewall sees an unrated URL and says, “I don’t know this site, and I can’t check, so… block.” fortigate web rating override not working
And he set the fallback action to for the HR VLAN. Marcus realized the truth
“Marcus… the new sexual harassment training video is stuck. The LMS says ‘Category Blocked: Adult / Sex Education.’” In his profile, the fallback was set to
“It’s like the override doesn’t exist,” he muttered.