Fortinet Forum
zoriax
Contributor

FortiGate Antivirus is blocking but not logging

Hi everyone,

Very strange behaviour with FortiGate and AntiVirus in a firewall rule. Sometimes my traffic is blocked by AntiVirus, but I can't see anything in the logs.

In my Forward Traffic logs, I can sometimes see a value in Result, sometimes not. When Result is green and shows traffic, AntiVirus is disabled and the request passes correctly. When Result is empty, traffic is blocked and AntiVirus is enabled on the policy.

[Screenshot: Forward Traffic log]

If I look inside the AntiVirus logs, they are empty. My AntiVirus configuration is here:

[Screenshot: AntiVirus profile configuration]

I tried to disable each part of the AntiVirus configuration one by one, but nothing changed. The request only works if I disable AntiVirus in the firewall rule.

Have I made a mistake somewhere, or is it a bug? If a virus is detected, why don't I have any log? To me it looks like an AntiVirus engine bug...

Maybe you have more tools to debug this behaviour :)

Thanks for your help

12 REPLIES
AlexC-FTNT

If your policy is proxy-based, your AV profile MUST be proxy-based.

If your policy is flow-based, your AV profile MUST be flow-based.


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
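
An offline check for the rule in the reply above, as an added example that is not part of the thread and not Fortinet code: it reads a FortiGate configuration backup and lists firewall policies whose inspection mode differs from the mode of the AV profile they reference. The key names `inspection-mode`, `av-profile` and `feature-set` are assumed from the FortiOS 6.4+ CLI, and the sample config is constructed.

```python
import shlex
# Constructed sample backup, not taken from the thread.
SAMPLE = '''
config antivirus profile
    edit "av-flow"
        set feature-set flow
        config http
            set av-scan block
        end
    next
end
config firewall policy
    edit 1
        set inspection-mode proxy
        set av-profile "av-flow"
    next
end
'''

def parse_tables(text):
    """Map each top-level table to {entry: {key: value}}; nested blocks are skipped."""
    tables, depth, table, entry = {}, 0, None, None
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] == "config":
            depth += 1
            if depth == 1:
                table, entry = tables.setdefault(" ".join(tok[1:]), {}), None
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            entry = table.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and entry is not None:
            entry[tok[1]] = " ".join(tok[2:])
    return tables

def mode_mismatches(text):
    """Return (policy id, AV profile, policy mode, profile mode) where the modes differ."""
    cfg = parse_tables(text)
    profiles = cfg.get("antivirus profile", {})
    found = []
    for pid, pol in cfg.get("firewall policy", {}).items():
        av = pol.get("av-profile")
        # Assumption: an unset mode means flow (the default on FortiOS 6.4+).
        pmode = pol.get("inspection-mode", "flow")
        amode = profiles.get(av, {}).get("feature-set", "flow")
        if av and pmode != amode:
            found.append((pid, av, pmode, amode))
    return found
```

Calling `mode_mismatches()` on the text of a real backup gives the policies to review before comparing their Forward Traffic and AntiVirus logs.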
zoriax
Contributor

OK, I understand. But in fact I can set a proxy-based firewall policy with a flow-based AV policy... No warning, and AV works correctly.

So do you recommend proxy-based with AV, or flow-based? Both of them work, but not in the same way. And as I can see, in my case proxy-based with AV works but not flow-based...

zoriax
Contributor

Can someone share their best practice / recommendation with me?

Thanks :)