FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 190712
Radio streaming is part of the daily traffic load on the FortiGate.  The Internet has several sites where users can tune whichever radio station in the world; also customer has their own radio station to be monitoring

In order to listen to the radio station, the streaming is injected by HTTP.Segmented.Download (port 80), this streaming is pushed to user’s device.

The disadvantage of having traffic inspection on the FortiGate made several Radio station unable to cross the device to reach destination (users browsers). If the FortiGate is making inspection into this traffic some packets do not arrive on time to users and are discarded causing audio not to be received on the user’s device.

All FortiGate devices

1. Identify the Radio streaming source. It can be found using application control profile to monitor, it is usually found as HTTP.Segmented.Download or HTTP.Audio



2. Once identified, clone or create AV_Profile and WF_Profile in flow mode.  Once the profiles have been created, inspection mode has to be changed by CLI:


3. Create policy specifying just the source of the streaming and apply Streaming profiles with Flow-Based inspection:
config firewall policy
    edit 2
        set name "Streaming"
        set uuid 3ccdc06c-da46-51e7-d4a4-eada6df96b42
        set srcintf "port3"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "Streaming1" (
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set av-profile "Streaming"
        set webfilter-profile "Streaming"
        set application-list "default"
        set profile-protocol-options "default"
        set nat enable

4. Once created, it has to be placed before the policy that is inspecting general user traffic.