Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fortinetforumfiokom
New Contributor II

Fortigate antivirus scanning in proxy mode extremely slow

Hi,

 

Because of "Troubleshooting Tip: Web pages not loading or taking too long to load when a web filter is applied"

I changed my HTTP, AND HTTPS Policy's to proxy mode. The websites load fine, but if I turned on the Antivirus scannig, it takes an extremly extremly long time to download files (I really didn't have time to wait for the end). I would like to download a 50 MB ZIP file. I can download it without antivirus scanning in about 1 minute (or in flow mode), but if I turn on the antivirus scanning (in proxy mode) I can't download it in an hour. 

What could be the problem? 

 

(Fortigate 201F; ver.7.4.3)

 

1 Solution
pminarik

> Doesn't the IPS engine update itself? Now there is a new one that solves the kyber problem and it has to be requested separately?

 

It does, but only when the update becomes publicly available. As far as I know, the fixes are not yet released across all FortiOS firmware branches, hence why you may need to reach out to TAC to get it.

 

> I would think that antivirus checking should also work in proxy mode, especially since the size of the file exceeds the oversize limit, so it shouldn't be checked anyway. 

 

It certainly is expected to work. However, troubleshooting why it doesn't work for you in this specific case is probably out of scope of the forum. A TAC ticket may be a better medium to discuss this, as it will likely involve taking packet captures and live debugs of AV/proxy processes.

[ corrections always welcome ]

View solution in original post

3 REPLIES 3
pminarik
Staff
Staff

That KB is specifically for dealing with effects of Kyber key exchange cipher being enabled in Chromium-based browsers and webfiltering subsequently being bypassed. Is this what you were trying to address? (keep in mind that that article is not a solution for a generic "website loads slow" issue, that can have many causes)

 

If the firewall policy was originally running in flow mode without issues, I would recommend reaching out to TAC support via a support ticket to request a fixed version of the IPS engine. With the new engine version, you should be able to keep the policy in flow mode and capable of filtering properly, without having to use proxy-mode inspection.

[ corrections always welcome ]
fortinetforumfiokom

Dear @pminarik ,

Yes I now what was the KB about. For the last few days I have been having problems loading web pages, when I came across this KB. When I set the Kyber support to disable in Chrome or Edge on my computer, the pages loaded with the original flow rules. Since I cannot disable this setting for all my users one by one, I changed the firewall rule based on the KB (from flow mode to proxy mode). 

I would think that antivirus checking should also work in proxy mode, especially since the size of the file exceeds the oversize limit, so it shouldn't be checked anyway. 

 

I don't really understand your suggestion. Doesn't the IPS engine update itself? Now there is a new one that solves the kyber problem and it has to be requested separately?

 

 

pminarik

> Doesn't the IPS engine update itself? Now there is a new one that solves the kyber problem and it has to be requested separately?

 

It does, but only when the update becomes publicly available. As far as I know, the fixes are not yet released across all FortiOS firmware branches, hence why you may need to reach out to TAC to get it.

 

> I would think that antivirus checking should also work in proxy mode, especially since the size of the file exceeds the oversize limit, so it shouldn't be checked anyway. 

 

It certainly is expected to work. However, troubleshooting why it doesn't work for you in this specific case is probably out of scope of the forum. A TAC ticket may be a better medium to discuss this, as it will likely involve taking packet captures and live debugs of AV/proxy processes.

[ corrections always welcome ]
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors