Hi everyone,
Very strange behaviour with FortiGate and AntiVirus in a firewall rule. Sometimes my traffic is blocked by AntiVirus but I can't see anything in the logs.
In my Forward Traffic logs, I can sometimes see a value in Result, sometimes not. When Result is green and has traffic, AntiVirus is disabled and the request passes correctly. When Result is empty, traffic is blocked and AntiVirus is enabled on the policy.
If I look inside the AntiVirus logs, they are empty. My AntiVirus configuration is here:
I tried to disable each part of the AntiVirus configuration one by one, but no change. The request only works if I disable AntiVirus in the firewall rule.
Have I made a mistake somewhere, or is it a bug? If a virus is detected, why don't I have any log? For me it looks like an AntiVirus engine bug...
Maybe you have more tools to debug this behaviour :)
Thanks for your help
If your policy is proxy-based, your AV profile MUST be proxy-based.
If your policy is flow-based, your AV profile MUST be flow-based.
OK, I understand. But in fact I can set a proxy-based firewall policy with a flow-based AV policy... No warning and AV works correctly.
So do you recommend proxy-based with AV, or flow-based? Both of them work, but not in the same way. And as I can see in my case, proxy-based with AV works but not flow-based...
Can someone share their best practice / recommendation with me?
Thanks :)