A would like to ask if you can see the following in a session (redis in state, and no_ofld_reason: redir-to-av), is that means the traffic is redirected to antivirus feature?
state=redir local may_dirty src-vis nlb
misc=0 policy_id=480 auth_info=0 chk_client_info=0 vd=0
no_ofld_reason: redir-to-av mac-host-check
client - (inputIF)fortigate(outputIF) - server
I have a strange behaviour, in the input interface it seems that fortigate make a 3-way handshake, and communication with the client, but just send SYN packages to the output interface. However in the allow-policy (which shows in this session:policy_id=480) there is no security profiles defined at all (no-inspection).
Don't know whats the problem. Any advice appreciated!