Phuoc_Ngo
New Member
June 24, 2009
Question

Enabling Antivirus scanning causes a major performance drop

  • June 24, 2009
  • 8 replies
  • 8084 views
Has anyone experienced sluggish performance when enabling Antivirus scan under the protection settings? Every single time we enable antivirus scan, the firewall throughput performance is degraded 90% and stays at the max throughput all the time. We only have one Antivirus scanning policy enabled as a test.

    8 replies

    TopJimmy
    New Member
    June 25, 2009
    Which hardware and FortiOS version are you on? I've got all the units in my signature and all of them have AV enabled and performance has not taken a hit on any of them.
    Contributor
    July 6, 2009
    Does anyone know why Fortinet Client antivirus, used in standalone mode (not as remote enterprise desktop) would suddenly start causing huge web performance degradation? I've been using it for more than a year, and suddenly 2-3 months ago it started really slowing things down. I call up a web page, and the page appears right away, but the page doesn't respond (scroll bars, etc.) for 10 to 15 seconds. When I disable the Fortinet client, the problem goes away. Did Fortinet do something to their software recently to cause this? I can't seem to find any settings I can change to try and counter the problem. It is also taking very long to upload photographs. Often the session times out before the upload finishes. Is Fortinet assuming I am in an enterprise environment, and scanning things on the way OUT of my computer? And if so, is there a way to make the software stop doing this? I am running Windows Vista, and have a 10Mbps cable modem connection. Any assistance is greatly appreciated!
    Contributor
    July 10, 2009
    I am having some of the same issues. We are running an HA pair A-P of 620Bs. When we turned on Anti-virus the network slowed way down. I have users complaining all over the place about webpages failing to load or taking several minutes. I was able to test a box using the protection profile and one unfiltered and the difference is tremendous. We are not using the FortiGate client software, which is different from your comments.
    Contributor
    July 13, 2009
    Broadbrook, I am having the same problem. When I remove the HTTP option in Protection Profile/AV (I'm using the scan profile name), the problem goes away. Any technical help or recommendation would be great... db
    abelio
    SuperUser
    July 13, 2009
    any technical help or recommendation would be great...
    Did you try lowering the buffering setting? Avoiding buffering 10MB to scan for viruses helps in a lot of situations.
    Phuoc_Ngo
    New Member
    July 14, 2009
    We have a cluster of Fortigate 500 running 3.00-b0741 (MR7 P5). We also lowered the buffer setting as suggested but the performance hit is still there. Also, once we lowered the buffer setting down to 1 and 1024, we don't seem to catch any virus at all. We tested by accessing a known trojan horse site and also sending 50 virus emails to internal, and it all went through. Any suggestions?
    abelio
    SuperUser
    July 20, 2009
    We don't seem to catch any virus at all.
    Then something is wrong or missing in the conf; recheck that the profile with AV filtering is applied to the relevant firewall policy you're testing (in/out traffic origin etc). If you test any special port different from the standard ones, I mean, the HTTP std port is 80, but if you're proxying HTTP traffic with, for instance, port 81, AV will become blind to that. You'll need to adjust AV settings for that kind of thing.
    Contributor
    July 20, 2009
    Thanks for the replies abelio & Phuoc. I changed the suggested setting to 1 - 600 based on this article http://tinyurl.com/njfn9w However, I noticed that the download was still taking longer so I configured the setting to be 1 – 1200; this seems to fix the issue. Phuoc brought up a great point: how do I know if the HTTP scan is working at all with the applied settings I have? Does anyone know any known Trojan horse sites? Any suggestions?
    abelio
    SuperUser
    July 20, 2009
    Does anyone know any known Trojan horse sites? Any suggestions?
    Play with some porn sites, you'll get plenty of trojans after a while, and some fun.. advice: use a destroyable virtual machine logged in with an account with no administrative privileges.
    Phuoc_Ngo
    New Member
    July 21, 2009
    I still haven't been able to figure out how the virus got past the firewall when we lowered the client comfort setting. Virus traffic always got through port 80 and SMTP port 25. Our web filter and mail gateway were able to detect and clean out the virus before it hit the internal network. What is the best way to validate whether the antivirus scan on the Fortigate functions properly? Thanks,
    RickP
    New Member
    July 21, 2009
    What is the best way to validate whether the antivirus scan on the Fortigate functions properly?
    I use the EICAR test files at http://www.eicar.org/ The AV scanner treats them as viruses though they're not dangerous.
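
The EICAR check suggested above can be scripted so the result is read from the bytes the client actually received. This is an added example, not part of the thread or any Fortinet tooling; `fetch`, `leaked_prefix`, `classify` and the sample bodies are hypothetical names and constructed data, and the test URL is supplied by the operator.

```python
import sys
import urllib.error
import urllib.request

# Standard 68-byte EICAR test string, built from two halves so this
# source file is not itself flagged by a scanner.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

def leaked_prefix(body: bytes) -> int:
    """Length of the longest leading slice of EICAR found anywhere in body."""
    for n in range(len(EICAR), 0, -1):
        if EICAR[:n] in body:
            return n
    return 0

def classify(body: bytes, min_partial: int = 16) -> str:
    """PASSED: whole test file reached the client (scan not effective on this path).
    PARTIAL: the file was cut, but leading bytes were released first.
    BLOCKED: nothing recognisable of the test file arrived."""
    n = leaked_prefix(body)
    if n == len(EICAR):
        return "PASSED"
    return "PARTIAL" if n >= min_partial else "BLOCKED"

def fetch(url: str, timeout: float = 30.0) -> bytes:
    """Download url through the gateway under test. An HTTP error page is
    returned as the body; network failures propagate so that an unreachable
    server is never mistaken for a block."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read()
    except urllib.error.HTTPError as err:
        return err.read()

# Constructed sample bodies (not captured from a real device).
SAMPLES = {
    "unscanned": EICAR,
    "cut mid-transfer": EICAR[:40],
    "replacement page": b"<html><body>The file was blocked.</body></html>",
}

if __name__ == "__main__":
    if len(sys.argv) > 1:        # e.g. python eicar_check.py <test-file-URL>
        print(classify(fetch(sys.argv[1])))
    else:
        for name, body in SAMPLES.items():
            print(f"{name}: {classify(body)}")
```

Run it once for every protocol and port covered by the policy being tested, since a scan that works on port 80 says nothing about HTTP proxied on another port.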
    Contributor
    August 3, 2009
    Yes, you will notice a significant throughput drop when using the AV scanning. The more filters you apply, the worse it will get. Fortinet gives ratings for each of their Fortigates, but a Fortinet engineer told me those figures are slightly exaggerated because "The competition also exaggerates their figures", he says. Using a pair of Fortigate 800 in A/A mode, HTTP throughput goes from 85-95 Mbps without AV scanning turned on, down to 20-25 Mbps with it turned on. Fortinet rates it at 150 Mbps. Slightly exaggerated figures indeed. Just gotta get a much faster Fortigate... says the Fortinet Reseller...
    ede_pfau
    SuperUser
    August 4, 2009
    You might consider using the "simple" in-the-wild database only, not the extended DB, for AV scanning. The former contains the top-NNN hottest viruses, the latter most of all known ones. Scanning with the leaner DB poses no real risk IMHO as many known viruses are no longer circulating. And yes, if the FGT passes 1200 bytes of a web page while still scanning it might well be passing a virus. I'd do away with client comforting over, say, 256 bytes at a time. But then again, I don't have any performance issues with AV, using a 50B or a cluster of 310Bs. The hardware you are using might really be not up to the performance you are expecting - how many concurrent users, on which FGT?