When we enable Content Disarm in AntiVirus, we get the error "value conflicts with system settings" when applying it to a policy, with FortiOS 6.0.4 and 6.2
This has helped me
https://cookbook.fortinet.com/content-disarm-reconstruction-60/
Good Luck
________________________________________________________
--- NSE 4 ---
________________________________________________________
Hello,

The message you receive when attempting to enable Content Disarm and Reconstruction on the AntiVirus profile is because the Proxy Options settings in the CLI console have splice and clientcomfort enabled on CDR-supported protocols. To fix it, please do:

config firewall profile-protocol-options
    edit custom-default
        config smtp
            unset options splice
        next
        config http
            unset options clientcomfort
        next
    end
end

You should also confirm the AntiVirus profile's protocol settings under config antivirus profile:
- ensure that set options scan is enabled on CDR-supported protocols
- if set options av-monitor is configured on a CDR-supported protocol, it overrides the config content-disarm detect-only setting (and CDR will not occur)

CDR-supported protocols are: http, smtp, imap, pop3

I hope this helps,
Alivo
With 6.0.4 I too am having the problem where when I try to enable "Content Disarm and Reconstruction" in the Security Profiles - AntiVirus, I get the message: "Value conflicts with system settings". This is when logged into the Global VDOM. (The root VDOM didn't give me an Apply button to save changes so I'm assuming that I need to be in the Global VDOM).
I tried to follow the instructions from Alivo which didn't work exactly. I can't use the "config firewall profile-protocol-options" for the "config global". I need to be in my root VDOM. But even from here after I removed splice from SMTP (and I didn't see clientcomfort anywhere) I couldn't enable the "Content Disarm and Reconstruction" in the GUI.
Here are my settings for the root VDOM:
config firewall profile-protocol-options
    edit "default"
        set comment "All services."
        config http
            set ports 80
            unset options
            unset post-lang
        end
        config ftp
            set ports 21
            set options splice
        end
        config imap
            set ports 143
            set options fragmail
        end
        config mapi
            set ports 135
            set options fragmail
        end
        config pop3
            set ports 110
            set options fragmail
        end
        config smtp
            set ports 25
            set options fragmail splice
        end
        config nntp
            set ports 119
            set options splice
        end
        config dns
            set ports 53
        end
    next
    edit "custom-default"
        set comment "All default services."
        config http
            set ports 80
            unset options
            unset post-lang
        end
        config ftp
            set ports 21
            set options splice
        end
        config imap
            set ports 143
            set options fragmail
        end
        config mapi
            set ports 135
            set options fragmail
        end
        config pop3
            set ports 110
            set options fragmail
        end
        config smtp
            set ports 25
            set options fragmail
        end
        config nntp
            set ports 119
            set options splice
        end
        config dns
            set ports 53
        end
    next
end
Any idea of how I can enable "Content Disarm and Reconstruction" for my root VDOM?
Thanks!
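As an added check (not code from this thread or from Fortinet), the script below reads a `config firewall profile-protocol-options` dump in the shape posted above and lists, per profile, the CDR-supported protocols that still carry `splice` or `clientcomfort`, which Alivo's reply identifies as the cause of the conflict; the sample dump is constructed for the example.

```python
"""Added preflight check: find splice/clientcomfort on CDR protocols in a
FortiOS `config firewall profile-protocol-options` dump (not from the thread)."""
import re

CDR_PROTOCOLS = {"http", "smtp", "imap", "pop3"}   # per Alivo's reply
CONFLICTING_OPTIONS = {"splice", "clientcomfort"}

# Constructed sample, trimmed to the shape of the root-VDOM dump above.
SAMPLE_CONFIG = """\
config firewall profile-protocol-options
    edit "default"
        config http
            unset options
        end
        config ftp
            set options splice
        end
        config smtp
            set options fragmail splice
        end
    next
    edit "custom-default"
        config http
            set options clientcomfort
        end
    next
end
"""

def cdr_conflicts(text):
    """Return {profile: {protocol: [conflicting options]}} for CDR protocols."""
    found, profile, proto = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        match = re.match(r'edit "?([^"]+)"?$', line)
        if match and profile is None:                  # start of a profile entry
            profile = match.group(1)
        elif line.startswith("config ") and profile:   # per-protocol sub-table
            proto = line.split()[1]
        elif line.startswith("set options") and proto in CDR_PROTOCOLS:
            bad = sorted(set(line.split()[2:]) & CONFLICTING_OPTIONS)
            if bad:                                    # ftp/nntp splice is ignored
                found.setdefault(profile, {})[proto] = bad
        elif line == "end" and proto:                  # leave the sub-table
            proto = None
        elif line == "next":                           # leave the profile entry
            profile = None
    return found

if __name__ == "__main__":
    print(cdr_conflicts(SAMPLE_CONFIG))
```

Profiles that print as `{}` have no conflicting options left, so a remaining "value conflicts with system settings" error must come from somewhere other than the proxy options.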
I'm also having this same issue. When I run the command "unset options splice" it gives the error - "command parse error before 'splice'. command fail. return code -61"
Any ideas?
jasont230 wrote: I'm also having this same issue. When I run the command "unset options splice" it gives the error - "command parse error before 'splice'. command fail. return code -61"
Any ideas?
If you type unset options ?, you will see there is nothing supposed to be after the options. I guess the syntax has been changed in 6.2, you just need to type unset options.
Hello,
Same configuration as dbaddorf and same error. Version 6.0.6. I created a new protocol options profile with all options disabled, with the same result.
Did you figure out how to enable it?
walvis wrote: In our case, with FortiOS 6.0.7, after getting the error indicated by the OP, we also tried to disable CDR completely. We didn't receive any error and all CDR options are disabled in the active AV profile (checking from the CLI), but the FortiGate still keeps scanning the files with the option "detected-only". Ticket opened with Fortinet Support.

Hello,
Same configuration as dbaddorf and same error. Version 6.0.6. I created a new protocol options profile with all options disabled, with the same result.
Did you figure out how to enable it?
Thanks for sharing this solution. I am sure other users will benefit from it.
most likely you need to add an exception