Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
sthapa
Staff
Staff

Created on ‎05-01-2020 11:28 AM Edited on ‎01-31-2024 06:07 AM By Moderator

Article Id 192546

Technical Tip: How to resolve value conflicts with system settings errors when applying CDR

Description

 

This article describes how to resolve value conflicts with system settings error when applying the CDR (Content Disarm and Reconstruction) feature in the FortiGate antivirus security profile.

 

Scope

 

FortiGate.

Solution

 

 
When 'SMTP Splice' option is enabled in the proxy options profile, CDR cannot be used in the antivirus profile.

The 'SMTP Splice' option is incompatible with CDR feature.
 
 
To resolve this issue, create a separate custom protocol option. For example:
 
Protocol Option.jpg
 
After, disable 'SMTP splice' options in the proxy profile.

Login to the CLI and configure the following:

 config firewall profile-protocol-options
edit Custom
config smtp
        set options fragmail splice <- Change to 'oversize'.
    end
end

 

After, use the same protocol option under all of the firewall policies which are using Antivirus profiles with the Content disarm and reconstruction option enabled. For example:


Protocol Policy .jpg

 

After making these changes, enable the Content Disarm and reconstruction option again.

 

9439
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.