Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
marypoppins
New Contributor II

redir-to-av

Dear All,

 

I would like to ask: if you see the following in a session (redir in state, and no_ofld_reason: redir-to-av), does that mean the traffic is redirected to the antivirus feature?

 

state=redir local may_dirty src-vis nlb

misc=0 policy_id=480 auth_info=0 chk_client_info=0 vd=0

no_ofld_reason:  redir-to-av mac-host-check

 

client - (inputIF)fortigate(outputIF) - server

syn>                                                 >syn>

<syn+ack                                             >syn>

ack>                                                 >syn>

                                                     >syn>

                                                     >syn>

 

I have a strange behaviour: on the input interface it seems that the FortiGate makes a 3-way handshake and communicates with the client, but just sends SYN packages to the output interface. However, in the allow-policy (which is shown in this session: policy_id=480) there are no security profiles defined at all (no-inspection).

Don't know what's the problem. Any advice appreciated!

 

thank you

 

 

1 REPLY
marypoppins
New Contributor II

Update: sorry, I found that the handshake was successful on the output side (bad mistake, the other side was turned off, pfff); however, the data (packets with the push flag on) still seems to be filtered out. So the question remains. I checked the full config; I only found av-profile default in the sniffer settings...