GTNman
New Member
September 15, 2008
Question

Anti-Virus not catching infected HTTPS traffic.

  • September 15, 2008
  • 9 replies
  • 5627 views
I just went over to eicar.org to download the test malware files to see if my FortiGate 100A would pick them up as dangerous. Well, it worked perfectly on the regular port 80 traffic, but anything over port 443 (secure) would download just fine without warning. Is there something that needs to be set for the FortiGate to pick up the HTTPS traffic?

    9 replies

    UkWizard
    New Member
    September 16, 2008
HTTPS cannot be antivirus checked, as it's encrypted between the browser and the webserver. There are few devices that can do this, and they are mostly proxy servers, which are expensive. This is why the Fortinet is not a replacement for desktop AV software...
    Contributor
    September 18, 2008
Yup... same thing for me when I went to eicar.org. HTTPS traffic can't be scanned, but I think I heard somewhere that capability might be added into the FortiGate? Or maybe it was something to do with SSL VPN and the FortiOS that's not out yet. UkWizard is correct in saying the firewall should not be used as a desktop AV replacement; if anything it should be used as an additional layer of security in your existing setup. If you need desktop AV, I would highly recommend Kaspersky Labs; I am in my 3rd year using their products and am very impressed.
    laf
    New Member
    September 19, 2008
Off topic: What Kaspersky product do you use? How's the licensing? Do they update your software too? (I mean the product engine, or by adding other functionalities over the years.)
    Victor
    New Member
    September 22, 2008
The FortiGate is an HTTP proxy. How do you think it inspects the packets? If you look at the processes, thttpd is the proxy process. To inspect encrypted traffic where you do not have the keys you have to do a man-in-the-middle attack, and that is a little trickier, not to mention the ethical considerations. Finjan I believe has a product that does this, and there are others. I suspect that Fortinet will be forced to follow the same path.
    laf
    New Member
    September 23, 2008
Yesterday I tested HTTPS scanning on another vendor's product, gateway Protect, and I was impressed by the results. Then I immediately had contact with Fortinet and I can confirm Victor's sayings: in v4.0, which will hit us in about 5-6 months, they promised to introduce this feature. I'm just curious if they'll implement it on small equipment like the 110C or simply start with the 310B.
    MasterBratac
    New Member
    September 23, 2008
I wonder how this should work ... HTTPS is encrypted traffic ... how is it possible that it could be scanned?
    romanr
    New Member
    September 24, 2008
ORIGINAL: MasterBratac I wonder how this should work ... HTTPS is encrypted traffic ... how is it possible that it could be scanned?
These devices start a "man-in-the-middle" attack -> they give away their own certificate (!!!!) and start their own SSL session to the server: Client <-https-> security device <-https-> ssl-website. The problem with that is that you totally lose control of the other end's certificate!!! This is a problem by design, which will give us some grey hair in future ;)! Especially when FortiGate offers this feature as well....
    MasterBratac
    New Member
    September 25, 2008
That means ... each HTTPS website shows up in the web browser with a Fortinet certificate? And every time a user accesses an HTTPS website he has to click away all those certificate error messages? That's not good ...
    romanr
    New Member
    September 26, 2008
ORIGINAL: MasterBratac That means ... each HTTPS website shows up in the web browser with a Fortinet certificate? And every time a user accesses an HTTPS website he has to click away all those certificate error messages? That's not good ...
Yes -> it'll be that way in FortiOS 4. You will be able to install a corporate cert which is then trusted! As I heard, there will also be a whitelist of HTTPS servers (via the webfilter service???) which will not get scanned, and so the authenticity of those servers will remain as usual, but no AV & IPS then....! cheers, roman
    lmuir
    New Member
    September 25, 2008
ORIGINAL: romanr The problem with that is that you totally lose control of the other end's certificate!!! This is a problem by design, which will give us some grey hair in future ;)!
The FortiGate can block invalid certificates.
ORIGINAL: MasterBratac That means ... each HTTPS website shows up in the web browser with a Fortinet certificate? And every time a user accesses an HTTPS website he has to click away all those certificate error messages? That's not good ...
I suspect it would be a wildcard certificate, signed by a root CA, which would need to be trusted by the client. Otherwise, since the FGT is terminating the SSL connection, it could present the page to the client as https://fqdn.of.fgt/proxy/https/fqdn.of.requested.site/page.extension, as an example. Banks, etc. won't be proxied, as legislation does not permit it.
    UkWizard
    New Member
    September 25, 2008
I investigated this some time ago, and found that the only way it can be scanned is by a proxy, as the web browser has to have a proxy configured, so it will allow the proxy to decrypt the traffic by becoming the 'end point' of the VPN encryption. A man-in-the-middle attack shouldn't be possible in theory. I cannot imagine the FortiGates ever having this functionality on their road map, as the CPU overhead would be too great. This is why no perimeter AV scanning is a replacement for desktop AV; desktop AV should always be used.