FortiGate
vifi
Staff
Article Id 405321
Description This article describes the changes that should be made to a DLP profile after upgrading from 7.2 to 7.4 if the 'regex' type file is being used in a multi-VDOM environment.
Scope FortiOS 7.2, 7.4.
Solution

Access to websites is not possible after upgrading from 7.2.x to 7.4.x when DLP (Data Loss Prevention) is enabled in the firewall policy.

The DLP Profile configuration is as follows:


config dlp dictionary
    edit "Proxy DLP profile-1d"
        set uuid c9822138-4268-51ef-95b5-d301c1fd8cc6
        config entries
            edit 1
                set type "regex"
            next
        end
    next
    edit "Proxy DLP profile-2d"
        set uuid c98236d2-4268-51ef-e5c5-88ed55881527
        config entries
            edit 1
                set type "regex"
            next
        end
    next
end


config dlp sensor
    edit "Proxy DLP profile-r1s"
        config entries
            edit 1
                set dictionary "Proxy DLP profile-1d"
            next
        end
    next
    edit "Proxy DLP profile-r2s"
        config entries
            edit 1
                set dictionary "Proxy DLP profile-2d"
            next
        end
    next
end


config dlp profile
    edit "Proxy DLP profile"
        set feature-set proxy
        config rule
            edit 1
                set proto smtp pop3 imap http-get http-post ftp nntp mapi
                set filter-by sensor
                set sensor "Proxy DLP profile-r1s"
                set action log-only
            next
            edit 2
                set proto smtp pop3 imap http-get http-post ftp nntp mapi
                set filter-by sensor
                set sensor "Proxy DLP profile-r2s"
                set action log-only
            next
        end
    next
end

 

Another symptom of this issue is that the scanunit daemon crashes very frequently, as the following crash log shows:

 

7: 2025-07-25 10:27:48 <43929> firmware FortiGate-3200F v7.4.8,build2795b2795,250523 (GA.M) (Release):
8: 2025-07-25 10:27:48 <43929> application /bin/scanunit worker 52:
9: 2025-07-25 10:27:48 <43929> *** signal 11 (Segmentation fault) received ***
10: 2025-07-25 10:27:48 <43929> Register dump:
11: 2025-07-25 10:27:48 <43929> RAX: 0000000000000000 RBX: 0000000000000000
12: 2025-07-25 10:27:48 <43929> RCX: 0000000000000000 RDX: 0000000000000000
13: 2025-07-25 10:27:48 <43929> R08: 000055bdceb50de0 R09: 000055bdceb57f20
14: 2025-07-25 10:27:48 <43929> R10: 0000000000000040 R11: 000055bdceb581a0
15: 2025-07-25 10:27:48 <43929> R12: 0000000000000000 R13: 000055bdceb51220
16: 2025-07-25 10:27:48 <43929> R14: 0000000000000001 R15: 0000000000000000
17: 2025-07-25 10:27:48 <43929> RSI: 0000000000000000 RDI: 0000000000000000
18: 2025-07-25 10:27:48 <43929> RBP: 00007ffe575c4280 RSP: 00007ffe575c4218
19: 2025-07-25 10:27:48 <43929> RIP: 00007f3396aad9b8 EFLAGS: 0000000000010283
20: 2025-07-25 10:27:48 <43929> Trap: 000000000000000e Error: 0000000000000004
21: 2025-07-25 10:27:48 <43929> Oldmask: 0000000000004000
22: 2025-07-25 10:27:48 <43929> CR2: 0000000000000000
23: 2025-07-25 10:27:48 <43929> CS: 0033 FS: 0000 GS: 0000
24: 2025-07-25 10:27:48 <43929> Backtrace:
25: 2025-07-25 10:27:48 <43929> [0x7f3396a08003] => /lib/libc.so.6 {0x7f3396941000}
26: 2025-07-25 10:27:48 <43929> [0x7f3396a07f3a] => /lib/libc.so.6 {0x7f3396941000}
27: 2025-07-25 10:27:48 <43929> [0x55bdc06613fd] => /bin/init {0x55bdbec75000}
28: 2025-07-25 10:27:48 <43929> [0x7f3396979ec0] => /lib/libc.so.6 {0x7f3396941000}
29: 2025-07-25 10:27:48 <43929> [0x7f3396aad9b8] => /lib/libc.so.6 {0x7f3396941000}
30: 2025-07-25 10:27:48 <43929> [0x7f33941c19fc] => /lib/libdlp.so {0x7f33941a6000}
31: 2025-07-25 10:27:48 <43929> [0x7f33941c2e43] => /lib/libdlp.so {0x7f33941a6000}
32: 2025-07-25 10:27:48 <43929> [0x7f33941c521b] => /lib/libdlp.so {0x7f33941a6000}
33: 2025-07-25 10:27:48 <43929> [0x55bdc064c85e] => /bin/init {0x55bdbec75000}
34: 2025-07-25 10:27:48 <43929> [0x55bdc064ca05] => /bin/init {0x55bdbec75000}
35: 2025-07-25 10:27:48 <43929> [0x55bdc064fc1c] => /bin/init {0x55bdbec75000}
36: 2025-07-25 10:27:48 <43929> [0x55bdc0651bc4] => /bin/init {0x55bdbec75000}
37: 2025-07-25 10:27:48 <43929> [0x55bdc0650f2a] => /bin/init {0x55bdbec75000}
38: 2025-07-25 10:27:48 <43929> [0x55bdc06511b0] => /bin/init {0x55bdbec75000}
39: 2025-07-25 10:27:48 <43929> [0x55bdc0651445] => /bin/init {0x55bdbec75000}
40: 2025-07-25 10:27:48 <43929> [0x55bdc06496ca] => /bin/init {0x55bdbec75000}
41: 2025-07-25 10:27:48 <43929> [0x55bdc065f72d] => /bin/init {0x55bdbec75000}
42: 2025-07-25 10:27:48 <43929> [0x55bdc065fe5f] => /bin/init {0x55bdbec75000}
43: 2025-07-25 10:27:48 <43929> [0x55bdc1bec229] => /bin/init {0x55bdbec75000}
44: 2025-07-25 10:27:48 <43929> [0x55bdc1bec3e1] => /bin/init {0x55bdbec75000}
45: 2025-07-25 10:27:48 <43929> [0x55bdc065d9cc] => /bin/init {0x55bdbec75000}
46: 2025-07-25 10:27:48 <43929> [0x55bdc0660fd1] => /bin/init {0x55bdbec75000}
47: 2025-07-25 10:27:48 <43929> [0x55bdc06617a8] => /bin/init {0x55bdbec75000}
48: 2025-07-25 10:27:48 <43929> [0x55bdc0657ec1] => /bin/init {0x55bdbec75000}
49: 2025-07-25 10:27:48 <43929> [0x55bdc0658050] => /bin/init {0x55bdbec75000}
50: 2025-07-25 10:27:48 <43929> [0x55bdc0654649] => /bin/init {0x55bdbec75000}
51: 2025-07-25 10:27:48 <43929> [0x55bdc06546c6] => /bin/init {0x55bdbec75000}
52: 2025-07-25 10:27:48 <43929> [0x55bdc1bec229] => /bin/init {0x55bdbec75000}
53: 2025-07-25 10:27:48 <43929> [0x55bdc1bec3e1] => /bin/init {0x55bdbec75000}
54: 2025-07-25 10:27:48 <43929> [0x55bdc06584a1] => /bin/init {0x55bdbec75000}
55: 2025-07-25 10:27:48 <43929> [0x55bdc0659c3b] => /bin/init {0x55bdbec75000}
56: 2025-07-25 10:27:48 <43929> [0x55bdbf0c9843] => /bin/init {0x55bdbec75000}
57: 2025-07-25 10:27:48 <43929> [0x7f3396964e1b] => /lib/libc.so.6 {0x7f3396941000}
58: 2025-07-25 10:27:48 <43929> [0x55bdbf0c4fda] => /bin/init {0x55bdbec75000}
59: 2025-07-25 10:27:48 scanunit 43929 crashed in scanunit.
60: 2025-07-25 10:27:48 <43929> fortidev 6.0.2.0008
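
To pick crashes of this shape (scanunit, signal 11, frames in /lib/libdlp.so) out of a longer crash log so they can be checked against the DLP dictionary configuration, the entries can be grouped by PID. This is an added example, not Fortinet code; the function names, the sample lines and the '/bin/exampled' daemon are constructed for illustration, and the line layout is assumed to match the log above.

```python
import re

# Line shape taken from the crash log above: "N: <date> <time> <pid> message"
LINE_RE = re.compile(r"^\s*\d+:\s+(\S+ \S+)\s+<(\d+)>\s+(.*)$")
APP_RE = re.compile(r"^application\s+(\S+)")
SIG_RE = re.compile(r"\*\*\* signal (\d+) \((.+?)\) received \*\*\*")
FRAME_RE = re.compile(r"^\[0x[0-9a-f]+\]\s+=>\s+(\S+)")

def summarize_crashes(text):
    """Group crash-log lines by PID: application, signal, modules in the backtrace."""
    crashes = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # e.g. the trailing "scanunit <pid> crashed" line has no <pid> tag
        when, pid, msg = m.groups()
        c = crashes.setdefault(pid, {"pid": int(pid), "time": when,
                                     "app": None, "signal": None, "modules": []})
        if (a := APP_RE.match(msg)):
            c["app"] = a.group(1)
        elif (s := SIG_RE.search(msg)):
            c["signal"] = int(s.group(1))
        elif (f := FRAME_RE.match(msg)) and f.group(1) not in c["modules"]:
            c["modules"].append(f.group(1))
    return list(crashes.values())

def dlp_scanunit_crashes(text):
    """Crashes with the same shape as the one in this article."""
    return [c for c in summarize_crashes(text)
            if c["app"] == "/bin/scanunit" and c["signal"] == 11
            and "/lib/libdlp.so" in c["modules"]]

# Constructed sample lines (addresses, PIDs and times are made up).
SAMPLE = """\
1: 2025-01-01 00:00:01 <1001> application /bin/scanunit worker 3:
2: 2025-01-01 00:00:01 <1001> *** signal 11 (Segmentation fault) received ***
3: 2025-01-01 00:00:01 <1001> Backtrace:
4: 2025-01-01 00:00:01 <1001> [0x7f0000001000] => /lib/libc.so.6 {0x7f0000000000}
5: 2025-01-01 00:00:01 <1001> [0x7f0000201000] => /lib/libdlp.so {0x7f0000200000}
6: 2025-01-01 00:00:01 scanunit 1001 crashed in scanunit.
7: 2025-01-01 00:05:00 <2002> application /bin/exampled
8: 2025-01-01 00:05:00 <2002> *** signal 11 (Segmentation fault) received ***
9: 2025-01-01 00:05:00 <2002> [0x7f0000001000] => /lib/libc.so.6 {0x7f0000000000}
"""

if __name__ == "__main__":
    for crash in dlp_scanunit_crashes(SAMPLE):
        print(crash["time"], crash["pid"], crash["modules"])
```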

 

To resolve this: when multi-VDOM mode is enabled, the 'g-regex' type should be defined in the global VDOM, and there should be no 'regex' data type. When multi-VDOM mode is disabled, there should be a 'regex' data type defined, and no 'g-regex' data type.

Make the following changes in 'config dlp dictionary'. Assuming that all traffic needs to be matched, set the pattern to '\S'.

After this change, DLP functions correctly: there are no further issues accessing websites, and there are no more scanunit crashes.

 

config dlp dictionary
    edit "Proxy DLP profile-1d"
        set uuid c9822138-4268-51ef-95b5-d301c1fd8cc6
        config entries
            edit 1
                set type "g-regex" <-----
                set pattern "\S" <-----
            next
        end
    next
    edit "Proxy DLP profile-2d"
        set uuid c98236d2-4268-51ef-e5c5-88ed55881527
        config entries
            edit 1
                set type "g-regex" <-----
                set pattern "\S" <-----
            next
        end
    next
end
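
Before or after an upgrade, the rule above can be checked against a configuration backup by listing every dictionary entry whose type does not fit the VDOM mode. This is an added example, not Fortinet tooling; the function names are hypothetical, the sample is constructed from the dictionary in this article, and the input is assumed to be configuration text in the usual config/edit/next/end form.

```python
def _unquote(value):
    return value.strip().strip('"')

def dictionary_entry_types(config_text):
    """Return (dictionary, entry id, type) for each 'config dlp dictionary' entry."""
    found, stack = [], []  # stack of currently open 'config' / 'edit' scopes
    for raw in config_text.splitlines():
        line = raw.split("<-----")[0].strip()  # tolerate the article's arrow markers
        word, _, rest = line.partition(" ")
        if word == "config":
            stack.append(rest.strip())
        elif word == "edit":
            stack.append(_unquote(rest))
        elif word in ("next", "end"):
            if stack:
                stack.pop()
        elif word == "set" and len(stack) >= 4:
            key, _, value = rest.strip().partition(" ")
            # Only 'set type' under dlp dictionary > <name> > entries > <id>;
            # indexing from the end also works inside 'config global' wrappers.
            if key == "type" and stack[-4] == "dlp dictionary" and stack[-2] == "entries":
                found.append((stack[-3], stack[-1], _unquote(value)))
    return found

def mismatched_entries(config_text, multi_vdom):
    """Entries whose type contradicts the rule above for the given VDOM mode."""
    wrong = "regex" if multi_vdom else "g-regex"
    return [e for e in dictionary_entry_types(config_text) if e[2] == wrong]

# Constructed sample: one entry of each type, so both modes report a mismatch.
SAMPLE = '''
config dlp dictionary
    edit "Proxy DLP profile-1d"
        config entries
            edit 1
                set type "regex"
            next
        end
    next
    edit "Proxy DLP profile-2d"
        config entries
            edit 1
                set type "g-regex"
                set pattern "\\S"
            next
        end
    next
end
'''

if __name__ == "__main__":
    for multi in (True, False):
        print("multi-VDOM" if multi else "single-VDOM", mismatched_entries(SAMPLE, multi))
```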