GPASS false positives

rwpatterson · ‎01-29-2010

Since 1/27/2010 10:24 AM, we have been getting false positives trying to FTP thru the FGT. I have had to set the GPASS proxy to ' Pass' for normal operations. Just an FYI. A ticket has been submitted to Fortinet (#373861).

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

rwpatterson · ‎02-02-2010

Was good for a day, now POP is getting stopped, and some FTP sites as well. Don' t show up in the log though... I enable GPASS to pass, and all problems go away....

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

billp · ‎02-02-2010

Yeah. I' m seeing this too. FTP and some https sites that are unlikely to be Gpass related. Started on 01/26 for me. Hopefully they will resolve with an IPS update soon. Because of similar things like this, I' ve grown shy of blocking entire categories in Application Control. Now I only block apps that I' ve seen on my network.

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1

TopJimmy · ‎02-03-2010

I' ve run into the problem too. The app was a web-based 3270 application. I' ve had to " pass" all gpass traffic.

-TJ

billp · ‎02-04-2010

I' ve also opened a ticket (375769) on this. If enough report the problem, perhaps priority will get escalated. . .

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1

Carlos_Menezes · ‎02-04-2010

Hi, We also found a false-positive with host from HSBC file transfer service. We created a rule to by-pass the protection profile for this host. Att,

Carlos Alfredo Fortigate 600-C, 300-A (4.0MR3-P5)