FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Kaspersky uses ports 80 and 443 to register and download updates; if "SSL Inspection" is enabled on your policy then a "ssl exemption" will be required.
1) Create two FQDN objects
config firewall address edit "Kaspersky_0" set type fqdn set fqdn "*kaspersky.com" next edit "Kaspersky_1" set type fqdn set fqdn "*kaspersky-labs.com" next end
2) Add the FQDN objects to "ssl exempt" on the FULL SSL Inspection profile
config firewall ssl-ssh-profile edit "your_FULL_ssl_inspection_profile" config ssl-exempt edit 0 set type address set address "Kaspersky_0" next edit 3 set type address set address "Kaspersky_1" next end end