Description
One common issue when using a FortiGate unit with antivirus configure, is slow traffic or traffic timeouts specifically with Apple iTunes downloads.
This article shows the steps to improve this so that no downloads from this site will fail. This procedure makes use of the Exempt features which allow traffic from a certain site to bypass all proxy actions.
Scope
FortiGate.
Solution
iTunes connects to apple.com to download music. The FortiGate unit will buffer anything it downloads up to the antivirus threshold before it sends anything to the client software. iTunes has a problem with this and thinks the connection is down due to the delay.
It is necessary to set up a URL exemption for apple.com to disable antivirus scanning from that website. Add apple.com to a Web Filter table, select Filter Exceptions, and use an action of Exempt.
To allow a bypass for iTunes:
- Go to Security Profiles -> Web Filter -> Select Existing Profile or Create New.
- Select URL filter under Static URL Filter
- Select Create New and enter the following and select OK.
- URL - apple.com
- Type - simple
- Action - exempt.
- Go to Policy & Objects -> Firewall Policy.
- Select Edit for the required policy in question.
- Turn on Web Filter and select the Web Filter Profile in question.
- Select OK.
