Not applicable
Created on 09-03-2009 05:33 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Problems displaying images in websites
We have a problem with our FG 100A device. I think it happend after upgrading from 3.0 firmware to 4.1.0 Build 0178. There is a problem with displaying images on many websites like for example (www.onet.pl the images in the news headers don' t show).
There is a protection profile set and users of this profile have this problem. I' ve simplified this profile just for example but the problem still exists.
I' ve noticed that when I disable the AV on the HTTP protocol OR disable fortiguard webfiltering the problem dissapear.
The profile configuration looks like below:
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
13 REPLIES 13
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sadi:
The first thing I can see is that you are logging everything in Fortiguard web filtering. That can be quite CPU intensive. I generally log what I' m going to block & depending on the scale of entries, I may turn it off once I am certain that it is effective. Try turning off the logging & keeping the AV on and watch your CPU/Memory. If you have a cluster, click on the Config section & then click on View HA Statistics. If you can, set the refresh rate to 5 seconds and then you will get a fairly good sense of the throughput and CPU/Memory usage for each unit in your cluster.
Under the anti-virus setting I am simply scanning http & ftp and I have comfort client checked for both and " 1" and " 600" as the values for Interval and Amount. I pass over-sized files and the threshold is 50 MB. I would not suggest that you simply use my values as you have a 100A and I have a pair of 3600s. Play around with the values and then watch the traffic and CPU/Memory loads.
Hope that helps.
Victor
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sadi:
I have the same issue and I have a customer that has the issue also. At this point I' m convinced it is a bug in MR1. I will be working with TAC tonight to reproduce the issue and concur with my conclusion.
I can bypass the issue by turning on AV on HTTP in the protection profile.
John
John
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a similar problem with 4.0 MR1 on a pair of 111c' s.
For me, it shows up frequently in the site www.nydailynews.com.
If I turn off " Web Content Filter" , the problem seems to go away.
Interestingly, my Web Content Filter is essentially empty -- I have one deactivated regex rule, so it shouldn' t even be scanning anything.
I found that if I whitelist the picture' s domain(like i.walmartimages.com, or ytimg.com), the images come in fine. Haven' t found that the AV settings affects my symptoms much.
Am very interested in the results here. Any chance you could post your case # so others could reference it also?
Would be nice to get this resolved quickly.
Bill
Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In working with fortigate support yesterday we determined that the problem exists when BOTH AV and FortiGuard Web Filtering are enabled. They were going to take that info and try to reproduce in their lab.
Ticket# 337802
John
John
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We also have the same problem on a 5001 blade active active configuration and on a 3810A active-active configuration after an upgrade to MR1.
We contacted technical support and they ar looking into the problem.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Noaccess -- any chance you could also post your ticket #?
I am running into this problem more frequently. Would really like to have this issue addressed in the next patch release.
It seems to affect only certain sites (typically with lots of small graphics/jpgs).
I' ve found that a combination of selecting Web Content Filter and Antivirus (one or the other, or both) create the problem.
Whitelisting individual sites and/or their related picture sites seems to handle the problem for that site.
And, for what it' s worth, it seems that it is particularly bad in the morning here (GMT-8), and is less of a problem late at night. Hard to tell for certain.
Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is of little help, but I have seen this same thing on a FortiWifi 60A and a Fortigate 60B running various 3.0 and the current 4.0 version.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hmm. Perhaps another piece of the puzzle?
My ticket is #343166 if anyone wants to reference it.
The more people that can contribute information and register tickets, the more likely we can get this problem solved in the next patch.
I have trouble consistently reproducing the problem, and it doesn' t affect all websites. So, I' m hoping they can reproduce it in the lab.
I saw similar problems in earlier versions of 4.0 (before MR1), but it was mostly due to pictures being blocked because they were mislabeled as porn (i.e. " Rate images by URL" was turned on. I now have that turned off.) In any event, if it did occur with previous releases, it was at a much, much lower rate than what we' re seeing now.
Bill
Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
Not applicable
Created on 10-07-2009 11:48 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Same problem here after 4.0
My workaround for now: leave AV and web filtering on, create URL filter entry with ' allow' action for blocked image site or entire domain.
FYI: In case anyone notice or get complaints of iTunes store loading extremely slowly followed by broken image symbols -----> same 4.0 issue - I created a URL ' allow' entry for apple.com.