FortiGate
ssanga
Staff
Article Id 364432
Description

This article describes an issue where SMB access fails when a firewall policy is configured with an Anti-Virus security profile set to 'Proxy-Based' inspection mode.

Scope

FortiGate v7.2.6, v7.2.7.

Solution

When the Anti-Virus security profile is set to 'Proxy-Based' inspection mode and is enabled in the firewall policy, the WAD daemon blocks access to SMB resources if the client attempts an authentication method other than NTLM or Kerberos before it falls back to NTLM authentication.


 

This issue has been resolved in FortiOS versions 7.2.9, 7.4.4, 7.4.5.

 

Workaround:

Disable the proxy-based AV profile in the firewall policy, switch to a flow-based Anti-Virus profile, or disable PKU2U authentication on the client PC.

 

Logs required by FortiGate TAC for investigation:

 

  1. Debugs:

diagnose wad filter src <IP_Address>

diagnose wad debug enable level verbose

diagnose wad debug enable category all

diagnose debug console timestamp enable

diagnose debug enable

 

Reproduce the issue.

 

diagnose debug reset

 

  2. Sniffers:

    diagnose sniffer packet any "host <source_IP> and host <destination_IP>" 6 0 l

  3. TAC Report:

    execute tac report

  4. The configuration file of the FortiGate.
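
To confirm from the packet capture which authentication mechanisms the client offered, the following added example (not from the original article or from Fortinet) decodes the SPNEGO mechanism list in an SMB2 SESSION_SETUP security blob and flags anything other than NTLM or Kerberos. The sample bytes are constructed, the function names are hypothetical, and treating the NEGOEX OID as the sign of PKU2U is an assumption of this example.

```python
KNOWN = {  # SPNEGO mechanism OIDs
    "1.3.6.1.4.1.311.2.2.10": "NTLMSSP",
    "1.2.840.113554.1.2.2": "Kerberos 5",
    "1.2.840.48018.1.2.2": "MS Kerberos 5",
    "1.3.6.1.4.1.311.2.2.30": "NEGOEX",  # assumption: how PKU2U is offered
}
PASSES_PROXY = {"NTLMSSP", "Kerberos 5", "MS Kerberos 5"}  # per the article
# Constructed sample (not a real capture): NEGOEX, MS Kerberos 5, Kerberos 5, NTLMSSP.
SAMPLE_BLOB = bytes.fromhex(
    "603e06062b0601050502a0343032a030302e"
    "060a2b06010401823702021e" "06092a864882f712010202"
    "06092a864886f712010202" "060a2b06010401823702020a")

def read_tlv(buf, pos, want):
    """Return (value, next_pos) of the DER element at pos; its tag must be `want`."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError(f"expected DER tag {want:#x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode DER OID content octets into dotted notation."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # last octet of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def offered_mechs(blob):
    token, _ = read_tlv(blob, 0, 0x60)      # GSS-API InitialContextToken
    _, pos = read_tlv(token, 0, 0x06)       # SPNEGO OID 1.3.6.1.5.5.2
    body, _ = read_tlv(token, pos, 0xA0)    # [0] NegTokenInit
    body, _ = read_tlv(body, 0, 0x30)       # SEQUENCE
    body, _ = read_tlv(body, 0, 0xA0)       # [0] mechTypes
    body, _ = read_tlv(body, 0, 0x30)       # SEQUENCE OF OID
    mechs, pos = [], 0
    while pos < len(body):
        oid, pos = read_tlv(body, pos, 0x06)
        name = decode_oid(oid)
        mechs.append(KNOWN.get(name, name))  # unknown OIDs stay dotted
    return mechs

def unexpected_mechs(blob):
    return [m for m in offered_mechs(blob) if m not in PASSES_PROXY]
```

Feed it the security buffer bytes exported from the SESSION_SETUP request in the capture; an empty result from `unexpected_mechs` means the client offered only NTLM or Kerberos.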