marypoppins
New Member
September 20, 2021
Question

redir-to-av


Dear All,

 

I would like to ask: if you see the following in a session (redir in state, and no_ofld_reason: redir-to-av), does that mean the traffic is redirected to the antivirus feature?

 

state=redir local may_dirty src-vis nlb

misc=0 policy_id=480 auth_info=0 chk_client_info=0 vd=0

no_ofld_reason:  redir-to-av mac-host-check

 

client - (inputIF)fortigate(outputIF) - server

syn>                                                 >syn>
<syn+ack                                             >syn>
ack>                                                 >syn>
                                                     >syn>
                                                     >syn>

 

I have a strange behaviour: on the input interface it seems that the FortiGate makes a 3-way handshake and communicates with the client, but just sends SYN packets to the output interface. However, in the allow policy (which is shown in this session: policy_id=480) there are no security profiles defined at all (no-inspection).

Don't know what's the problem. Any advice appreciated!

 

Thank you

 

 

    1 reply

    marypoppins
    New Member
    September 20, 2021
    Update: sorry, I found that the handshake was successful on the output side (bad mistake, the other side was turned off, pfff); however, the data (packets with the push flag on) still seems to be filtered out. So the question remains. I checked the full config; I only found av-profile default in the sniffer settings...