We are using a 100D. Last week, all of a sudden, the antivirus kept detecting an unknown virus/botnet, causing the firewall to block all internet access. We noticed the antivirus kept updating the definitions, so we changed the antivirus to monitor only. Now the antivirus update runs every 10 minutes, but the antivirus is still detecting unknown. Is there any way to solve the issue?
I still have the ticket open and asked them to eventually check this thread (don't know if they do) :)
I just hope this thing keeps working, at least for the weekend.
I'll let you know on Monday.
digimetrica wrote: I still have the ticket open and asked them to eventually check this thread (don't know if they do) :)
I just hope this thing keeps working, at least for the weekend.
I'll let you know on Monday.
The unofficial word is that it is most likely a bug. Hopefully they will corner the bug and fix it in 5.2.4, but if 5.2.4 enters the testing phase before they patch this, then we may have to wait longer for a patch.
My plan with my new cluster is to deploy (v5.2.3) in A-A with unit 0 set to weight 255 and unit 1 set to weight 1. Then, when the bug is patched, I will adjust the weights.
FG200D 5.6.5 (HA) - primary | FWF50B's 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x | FAZ-VM 5.6.5 | Fortimail 5.3.11 | Network+, Security+
Same. It happened to me this morning.
The customer called very angry :)
So it appears the AV engine gets broken after 1-2 days.
Hope for a quick fix.
Ok, their support acknowledged this is a bug that will be fixed in 5.2.4.
They suggest using A-P mode in the meantime.
UPDATE 7-6-2015
I now have my new FG200D pair at my desk for deployment preparation, and I still have an open ticket (FG200B) regarding this issue (AV DB corruption on the slave unit when the cluster is active-active).
Original plan:
My plan was to keep following Fortinet support's direction on the FG200B to get this bug "caught", then to deploy the new cluster with the slave unit weighted to 1 and the master to 255, then wait for the bug fix in 5.2.4 (assuming it makes it into 5.2.4), deploy 5.2.4 to the new cluster, and change the weights to more normal values (40/40 or 100/100).
New info from Fortinet Support:
Fortinet support just told me that this issue is affecting multiple customers, but not a majority of them, only a minority of clusters. They also said that they doubt the issue will happen on my new cluster, but that it is possible. They also mentioned that the issue seems much more likely on older hardware than on newer hardware.
Support suggested that I format the entire boot device and reload the firmware. This implies that they suspect the issue is not a bug but some sort of bad/corrupt data that does not get purged during regular AV updates or during regular firmware updates.
New plan that I am considering:
Stop troubleshooting on the FG200B, deploy the FG200D pair in A-A mode with equal weights (40/40 or 100/100), and see if the issue happens again. Pursue with support as needed.
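The two workarounds discussed in this thread (skewing the A-A session weights so the slave handles almost nothing, or falling back to A-P until 5.2.4) boil down to a few lines under `config system ha`. The following is an added example written for this thread, not configuration posted by any participant; the group name, password and heartbeat ports are placeholders, and the exact `set weight` argument order should be checked against the CLI reference for the firmware in use, since it is assumed here from the 5.2-era syntax.

```fortios
config system ha
    set group-name "HA-GROUP-PLACEHOLDER"
    set mode a-a
    set password "PLACEHOLDER-PASSWORD"
    set hbdev "port9" 50 "port10" 50
    set weight 0 255
    set weight 1 1
    set override disable
end
```

With `mode a-a` and weights 255/1, the unit with priority index 0 takes almost every session while the slave still participates (weight 1 is not zero), which is the interim plan described above; replacing the two `set weight` lines with `set weight 0 40` and `set weight 1 40` restores the equal split once the fix is deployed, and `set mode a-p` is the support-suggested alternative where the slave does no AV scanning at all. To verify whether the slave's AV database has drifted or corrupted, compare the output of `diagnose autoupdate versions` on each member (the master's is reachable directly; the slave's through `execute ha manage <index>`) alongside `get system ha status`, and treat an AV engine or definition version that differs between the two members as the signal to open or update the ticket rather than waiting for the next "unknown virus" block.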
Copyright 2024 Fortinet, Inc. All Rights Reserved.