Every once in a while, the antivirus software of my mail system catches some viruses that were supposed to be caught by the Fortigate. Anybody have such an experience?
Today, I had one W32.Netsky.Q@mm get through the Fortigate.
We have FG60, FG200, FG200-A-HD, FG300-A-HD models.
They all are running latest 2.80 firmware currently available.
Some are in transparent mode, some are in Route mode.
Virus pattern file is latest and auto updates seem to be OK.
Same thing here. For one year we used a FG-100 with 2.5 and never had any problem with viruses. In December I decided to upgrade to 2.8 and last week I realized that all my network was infected by a blaster kind of worm, with a storm of port 135 access. I installed an antivirus on my email system to check if the FG-100 was letting any viruses in and to my surprise, yes, the antivirus on my email system stopped a Netsky Trojan that the FG-100 didn't see!
Not good...
I agree that FG catches most and I am pleased with level of protection. We also use Sophos on our email system and Symantec on the desktop. Even so, after being clear since August when we deployed 3 FG's, we are now battling an outbreak we cannot identify. I am submitting samples.
The ones I find out about that are identified are from my email system with Sophos. Sometimes it takes two or three days for Fortinet to update the AV file to catch them.
Tech support will not address the problem without a sample. I would like to see a method of informing Fortinet of these viruses that other vendors are finding. This would be without sending a sample.
For an extra spooky experience, try connecting two Fortigates back to back (mine in transparent mode) between the Internet and a mail server with fairly heavy load. You don't see outgoing viruses because the server is clean, but occasionally - just perhaps 1 in 100-1000 viruses, you see a virus that is caught by the second Fortigate, the inside one nearer the mail server, and the direction recorded is from the Internet to the mail server. This happens even with identical configs, virus defs and firmware versions on both FGTs. How strange is that?
Fsecure integrated to Firewall reported today several viruses (passed via Fortigate today between 07:00 to 13:00).