Technical Tip: Web Filtering and Anti-Spam Filteri...

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 403392

Description

This article describes the behavior of Web Filtering and Anti-Spam Filtering services when Anycast is enabled.

Scope

FortiGate.

Solution

On a factory firmware image version 7.4.8 & above, the follow scenarios are observed:

When Anycast is enabled: Rating Server show down.

There are no Web Filter or Antivirus profiles enabled in Firewall policy.

image (2).png

When Anycast is disabled: The filtering services ports are unchanged (https/443): Rating Servers show Up
There are no Web Filter or Antivirus profiles enabled in Firewall policy.

image (3).png

When Anycast is enabled: As noted in scenario (1) The Rating Servers show down, however in this scenario when once a Webfilter or an Antivirus profile is enabled in a firewall policy, then the rating servers show Up as expected provided the FortiGate is successful in communicating with the Fortiguard servers.

image (3).png

This issue has been identified & reported to the engineering team. The fix will be included in FortiOS 7.4.9GA, 7.6.4GA & 8.0.0 GA.

148

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Technical Tip: Web Filtering and Anti-Spam Filtering services show down when Anycast enabled on a factory image

You are leaving our website