ssanga
Staff & Editor
Article Id 336231
Description This article describes an issue where downloads of large files fail, specifically at the 2GB mark, when deep inspection is enabled in the firewall policy.
Scope FortiGate v7.4.2, v7.4.3, v7.4.4.
Solution

After upgrading FortiGate to v7.4.2, v7.4.3, or v7.4.4, users may encounter a problem where downloads of large files (greater than 2GB) stop at 2GB when deep inspection is enabled along with UTM profiles in the firewall policy.

This issue has been resolved in the IPS engine (IPSE) fixes delivered in v7.1.10:0186, v7.2.7:0344, v7.4.5:0546, and v7.6.1:1017.

Workaround:
As a temporary solution, change the SSL/SSH inspection profile in the affected firewall policy to 'certificate-inspection'. Note that certificate inspection does not decrypt the session, so content-level UTM inspection (such as antivirus or IPS on the HTTPS payload) is not applied to that traffic while the workaround is in place.


config firewall policy
    edit <ID>
        set ssl-ssh-profile "certificate-inspection"
    next
end
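As an added example, not part of the original article, the following Python script finds which policies in an exported FortiGate configuration combine UTM with a deep-inspection SSL/SSH profile and emits the workaround CLI for each. The sample configuration text is constructed, and treating the built-in 'deep-inspection' and 'custom-deep-inspection' profiles as deep inspection by name is an assumption.

```python
import re
# Constructed excerpt of an exported FortiGate configuration (illustrative, not from a real device).
SAMPLE_CONFIG = """\
config firewall ssl-ssh-profile
    edit "branch-deep"
        config ssl
            set inspect-all deep-inspection
        end
    next
end
config firewall policy
    edit 1
        set utm-status enable
        set ssl-ssh-profile "branch-deep"
    next
    edit 2
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
    next
    edit 3
        set utm-status enable
        set ssl-ssh-profile "deep-inspection"
    next
end
"""
BUILTIN_DEEP = {"deep-inspection", "custom-deep-inspection"}  # assumption: built-ins decrypt even if export omits defaults

def parse_table(text, table):
    """{entry: {key: value}} for one top-level table; relies on export indentation and folds in nested 'set' lines."""
    block = re.search(rf"^config {re.escape(table)}\n(.*?)^end$", text, re.S | re.M)
    entry_re = r'^    edit "?([^"\n]+?)"?\n(.*?)^    next$'
    entries = {}
    for ent in re.finditer(entry_re, block.group(1) if block else "", re.S | re.M):
        sets = re.findall(r"^\s*set (\S+) (.+)$", ent.group(2), re.M)
        entries[ent.group(1)] = {key: value.strip('"') for key, value in sets}
    return entries

def affected_policies(text):
    """IDs of policies that pair UTM with a deep-inspection SSL/SSH profile (the trigger described above)."""
    deep = set(BUILTIN_DEEP)
    for name, s in parse_table(text, "firewall ssl-ssh-profile").items():
        if "deep-inspection" in (s.get("inspect-all"), s.get("status")):
            deep.add(name)
    return [pid for pid, s in parse_table(text, "firewall policy").items()
            if s.get("utm-status") == "enable" and s.get("ssl-ssh-profile") in deep]

def workaround_cli(policy_ids):
    """CLI applying the article's temporary workaround to each affected policy."""
    edits = "".join(f'    edit {p}\n        set ssl-ssh-profile "certificate-inspection"\n    next\n' for p in policy_ids)
    return f"config firewall policy\n{edits}end\n"
```

Pass the text of the exported configuration file in place of SAMPLE_CONFIG to list the policies to change on a real unit.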

Logs required by FortiGate Technical Support to investigate the issue if it is reported on other firmware versions:


  1. Packet Captures:
  • Use Wireshark to capture the traffic on the user's machine.
  • Execute the following commands on FortiGate when the download is nearing the 2GB mark.

diagnose sniffer packet <ingress interface> "host <destination IP>" 6 0 l
diagnose sniffer packet <egress interface> "host <destination IP>" 6 0 l

  2. IPS diagnostics:
    Execute the following commands on FortiGate to capture IPS debugs:

    diagnose ips filter set "host <source_IP>"
    diagnose debug console timestamp enable
    diagnose ips debug enable tcp
    diagnose debug enable
    <download the file>

    To stop and reset the debugs, use the commands 'diag debug disable' and 'diag debug reset'.

  3. TAC report:

    execute tac report

  4. Export the configuration file of the FortiGate.