We are using a 100D. Last week, all of a sudden, the antivirus kept detecting an unknown virus/botnet, causing the firewall to block all internet access. We noticed the antivirus kept updating its definitions, so we changed the antivirus to monitor only. Now the antivirus update runs every 10 minutes, but the antivirus is still detecting unknown. Is there any way to solve the issue?
After changing to a multi-VDOM architecture, I began getting the pop-up shown below from my browser. All internet access for my workstation stops. The URL in the message is always the URL I'm trying to use.
I get this issue intermittently on different machines connecting to the internet through the FG. Not all systems at the same time, but separate systems at random. This has been happening on and off for a couple of weeks. On Wi-Fi devices like iPads, if I disable the Wi-Fi on the iPad and re-enable it, internet access starts working again. Today when a laptop experienced the issue, I found that going into the FortiGate configuration and changing the "Security Profiles - AntiVirus - Detect Connections to Botnet C&C Servers" setting from "Block" to "Monitor" seemed to make the laptop start working again. Not sure if simply making a configuration change in general triggers a correction, but I'll continue to monitor and let the group know.
Well, it happened again. This time, while internet access attempts resulted in displaying the block message, I made a totally unrelated configuration change and my internet started working again. It appears as if applying any change to the FortiGate will reinstate internet access.