Nicholas_Shoemaker
New Contributor

YouTube extremely slow after FortiGate installation

First off, I hope this forum is the correct place for this thread. If not, I apologize and an admin can feel free to move it to its correct location. Thank you! We were using a Cisco firewall when I started with the company, back in April. When I started, everything was running correctly. In September'ish, we upgraded to a FortiGate 110C. Ever since the upgrade, YouTube has been extremely slow. As I am new to FortiGate and am still learning my way around, I am unclear whether there is a setting to fix this. Can someone please help me? Thanks in advance for any responses!
15 REPLIES
billp
Contributor

Welcome to the forums. It's possible that the Fortigate is scanning all the Youtube videos for threats. This KB article describes how to omit most video/audio from scanning. You might try implementing this to see if it helps. http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD31303&sliceId=1... If the above doesn't help, perhaps you could tell us a bit more about your setup. Firmware version? Bandwidth available? Number of users?

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1

harald21
Contributor

Hello,

please provide us some details:
- Which Firmware are you running?
- What is the speed of your internet connection?
- How many users are at your location?
- Are you using a separate proxy (squid)?
- Are you using protection profiles (AV/IPS scanning)?

Sincerely
Harald
Nicholas_Shoemaker
New Contributor

Sorry for the delay in responding about this, was out of town for a few weeks. Anyways, here is the info about our firewall:

- FortiGate 110C
- Firmware Version: v4.0,build0496,111108 (MR3 Patch 3)
- Speed test: Dwn=14.85 MBps / Up=5.70 MBps
- Approximately 175 users
- No separate proxy
- No protection files (that I'm aware of)

We did not have this issue when we were using a Cisco firewall, and it started as soon as we brought the FortiGate online. Thanks for all your help!
Nicholas_Shoemaker
New Contributor

I just tried this:

CLI Syntax:

    config webfilter content-header
        edit 1
            set comment ''
            config entries
                edit "video/.*"
                    set action block
                next
                edit "audio/.*"
                    set action exempt
                next
            end
            set name "weblist-01"
        next
    end

from the article posted above, but it didn't help.
billp
Contributor

No protection files (that I'm aware of)

Nicholas,

This setting requires a Web Protection Profile in order to work per the KB. In the example in the KB, they use a sample Protection Profile called "Web" to demonstrate how you would activate this particular setting. However, if you're not using a Web Protection Profile, what kind of inspection are you doing on your traffic? If you don't have a web protection profile, then you are not filtering websites for any games, movies, gambling, social networking, etc.

If you go to your Firewall Policy settings in the GUI and then change the Column Settings to display the Web Filter Profile, you will be able to verify if any of your traffic is already using a Web Protection Profile. That's probably a good place to start. If you don't use a Web Protection Profile, you could try to create a simple one with just the header exception outlined in the KB. You could try assigning that to your users to see if there is a difference. It's easy enough to remove.

Also, MR3 is now up to Patch 5. From what I've read, this is much more stable than Patch 3. You might want to try an upgrade as a simple first measure to see if that helps. Hope this helps.

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1

Nicholas_Shoemaker
New Contributor

Bill, Went in to the firewall policies and enabled the viewing of the web filter profiles, and we do have one in place, that looks like it is currently applied to our entire internal network and our guest wireless. Going to the UTM profiles and looking at the web filter profile that was created for us, I do not see a setting that stands out to say "scan multimedia" or "scan online streaming media" or anything like that, nor am I sure that I should. The only thing I remotely see is the bandwidth consuming category is set to allow, but nothing to allow me to configure it. Thanks for your help!
billp
Contributor

Going to the UTM profiles and looking at the web filter profile that was created for us, I do not see a setting that stands out to say "scan multimedia" or "scan online streaming media" or anything like that, nor am I sure that I should.

You wouldn't see anything there. For better or worse, many of the obscure (and not so obscure) settings can only be set in the CLI. The GUI is more like a basic-to-intermediate interface to the box while the CLI is the full-monty advanced interface. If your primary web profile is called "primaryWebProfile" then you would want to make the following settings in your config to activate the header exclusions you made previously:

    config webfilter profile
        edit "primaryWebProfile"
            config http
                set options contenttype-check
            end
            config web
                set content-header-list 1
            end
        next
    end

Caveat: I am NOT using MR3, but the config for this appears to be the same. As always, make sure you back up your config before making any changes. These are pretty benign changes, but you would probably not want to make them during peak traffic.

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
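
A way to check a saved configuration for what the two snippets above are meant to achieve, as an added example that is not part of the original posts or Fortinet's own code: it parses the config/edit/set nesting and reports, per web filter profile, which MIME patterns the attached content-header list acts on and how. The backup text is constructed from the snippets in this thread (their layout is assumed to match a real backup), and `parse` and `audit` are hypothetical helper names.

```python
import shlex
# Constructed sample backup: the two snippets posted in this thread (layout assumed).
SAMPLE = """
config webfilter content-header
    edit 1
        config entries
            edit "video/.*"
                set action block
            next
            edit "audio/.*"
                set action exempt
            next
        end
    next
end
config webfilter profile
    edit "primaryWebProfile"
        config http
            set options contenttype-check
        end
        config web
            set content-header-list 1
        end
    next
end
"""
def parse(text):
    # Turn config/edit/set/next/end nesting into nested dicts.
    stack = [{}]
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] in ("config", "edit"):
            key = " ".join(tok) if tok[0] == "config" else tok[1]
            stack.append(stack[-1].setdefault(key, {}))
        elif tok[0] == "set":
            stack[-1][tok[1]] = tok[2:]
        elif tok[0] in ("next", "end"):
            stack.pop()
    return stack[0]

def audit(text):
    # Per profile: pattern -> action, but only when the list is really enforced.
    cfg = parse(text)
    lists = cfg.get("config webfilter content-header", {})
    out = {}
    for name, prof in cfg.get("config webfilter profile", {}).items():
        checked = "contenttype-check" in prof.get("config http", {}).get("options", [])
        ref = prof.get("config web", {}).get("content-header-list", [None])[0]
        entries = lists.get(ref, {}).get("config entries", {})
        out[name] = {p: e.get("action", [""])[0] for p, e in entries.items()} if checked else {}
    return out
```

An empty result for a profile means the list is not in effect there (no `contenttype-check`, or a list id that does not exist); a non-empty one shows each pattern's action so it can be compared with what was intended to be blocked or exempted.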

Nicholas_Shoemaker

    config webfilter profile
        edit "primaryWebProfile"
            config http
                set options contenttype-check
            end
            config web
                set content-header-list 1
            end
        next
    end

For the sake of not messing anything up, I stopped at the "config http". When I tried the command it said:

    command parse error before 'http'
    Command fail. Return code 1

Any ideas?
rwpatterson

Type 'config ?'. All your valid options will be shown there.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
