Very strange behaviour with FortiGate and AntiVirus in a firewall rule. Sometimes my traffic is blocked by AntiVirus, but I can't see anything in the logs.
In my Forward Traffic logs, I sometimes see a value in Result and sometimes not. When Result is green and has traffic, AntiVirus is disabled and the request passes correctly. When Result is empty, traffic is blocked and AntiVirus is enabled on the policy.
If I look inside the AntiVirus logs, they are empty. My AntiVirus configuration is here:
I tried to disable each part of the AntiVirus configuration one by one, but nothing changed. The request works only if I disable AntiVirus in the firewall rule.
Have I made a mistake somewhere, or is it a bug? If a virus is detected, why don't I have any log? To me it looks like an AntiVirus engine bug...
Maybe you have more tools to debug this behaviour :)