Very strange behaviour with FortiGate and AntiVirus in a firewall rule. My traffic is sometimes blocked by AntiVirus, but I can't see anything in the logs.
In my Forward Traffic logs, I can sometimes see a value in Result, sometimes not. When Result is green and shows traffic, AntiVirus is disabled and the request passes correctly. When Result is empty, the traffic is blocked and AntiVirus is enabled on the policy.
If I look inside the AntiVirus logs, they are empty. My AntiVirus configuration is here:
I tried disabling each part of the AntiVirus configuration one by one, but there was no change. The request works only if I disable AntiVirus in the firewall rule.
Have I made a mistake somewhere, or is it a bug? If a virus is detected, why don't I have any log? To me it looks like an AntiVirus engine bug...
Maybe you have more tools to debug this behaviour :)
Once again, this is not proof of a log problem. The traffic may be blocked by a wrongly configured AV (or maybe a bug). Make sure that the AV profile mode is consistent with the policy operation mode (proxy-mode). Also, check that the FortiOS version you are running is up to date (6.4.8 / 7.0.5) to eliminate possible bugs.
- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
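The consistency check from the reply above, written out as an added FortiOS CLI sketch that is not part of the original thread. The policy ID, interface names and profile name are made up for illustration, and the keywords are those of the 6.4/7.0 CLI, so verify them against the running version before applying.

```fortios
# 1. Confirm the firmware build first (the reply suggests 6.4.8 / 7.0.5 as a baseline).
get system status

# 2. Build a proxy feature-set AV profile and log everything it does,
#    so a block is never silent in the AntiVirus log.
config antivirus profile
    edit "av-proxy"
        set comment "proxy-mode AV profile (example name)"
        set feature-set proxy
        config http
            set av-scan block
        end
        config https
            set av-scan block
        end
    next
end

# 3. Put the policy itself in proxy inspection mode and attach that profile,
#    together with full traffic logging so Result is always populated.
config firewall policy
    edit 10
        set name "lan-to-wan-av"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set inspection-mode proxy
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set av-profile "av-proxy"
        set logtraffic all
    next
end

# 4. Re-read both objects and compare feature-set against inspection-mode;
#    a flow profile on a proxy policy (or the reverse) is the mismatch to rule out.
show antivirus profile "av-proxy"
show firewall policy 10
```

If the two modes agree and the AntiVirus log is still empty while traffic is dropped, the remaining suspect is the engine rather than the configuration, which is the point at which the firmware update is worth doing.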