Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

Yahoo messenger login problem behind transparent FG

Hello, I am having the following problem: I am using a FG 100A inside a network, in transparent mode. I also want to send logs to a FA 800B. I want to create a profile that will be used only for logs/content archive for HTTP, FTP and IM/P2P traffic. The internal policy of the company is that if you want to log into Yahoo Messenger, you have to use a proxy server (the proxy ip address being the address of the gateway/firewall, other than FG, as it is in transparent mode, and the port 8080) or with the option " firewall with no proxy" . Of course, if I want to enable content archive in my protection profile, I first must check the option for Yahoo in IM/P2P tab and then set content archive to summary or full. But when I enable this profile in my security policy, I can' t log into Yahoo anymore. I must say that if the IM/P2P box is not checked in the profile, I can log into Yahoo without any problems. To be more acurrate, in the following configuration I CAN' T log into Yahoo: Firewall -> Protection Profile -> Edit Log_Profile -> open IM/P2P tab -> check Yahoo option (*) -> open Content Archive tab -> check Yahoo for " Archive IM to FortiAnalyzer/FortiGuard" option -> set option to full. IF I don' t check the (*) option, (I cannot check Content Archive option anymore, of course), still using the protection profile into security policy, I CAN log into Yahoo without problems: Firewall -> Policy -> internal to external allow all traffic using Log_Profile. I am using MR6 Patch 3 on FG, but I tried MR7 Patch 1 also. On FA I am using MR6 Patch 2, but I don' t think this could be the cause of the problem. Does anyone know what' s happening? (I am using version 8.1.0.421 of Yahoo Messenger and 8.0.0.1 version of MyYahoo Module) Thank you.
4 REPLIES 4
g3rman
New Contributor

Also, check under: IM, P2P & VoIP -> User -> Config By default the User Policy is set to Automatically Block for some strange reason.
A Real World Fortinet Guide Configuration Examples & Frequently Asked Questions http://firewallguru.blogspot.com
A Real World Fortinet Guide Configuration Examples & Frequently Asked Questions http://firewallguru.blogspot.com
lmuir
New Contributor

Yep, yahoo doesn' t work. Presently they need to update IM protocol detection via firmware updates. Apparently this is moving to a subscription based service, to stop these sorts of issues when IM vendors change their protocols. If you need it to work now, try logging a call.
Not applicable

@g3rman: yes, under IM -> user -> config I set the action to allow for Yahoo. @lmuir: I didn' t understand what to do exactly to get it work. If you could detail a little bit, I would realy appreciate. Thank you.
lmuir
New Contributor

To get the latest version of Yahoo! messenger to work, turn off Yahoo! messenger inspection. Fortinet needs to update the protocol recognition to work with the current version. Presently this is done via firmware updates, apparently is moving to a subscription service to allow faster updates. I suspect this is going to be in FortiOS 4. If you need it to work now, contact TAC.
Labels
Top Kudoed Authors