Tuesday, March 30, 2010

HTTP A/V Scanning breaking Web Applications

If you are running FortiOS 4.0 MR1, at pretty much any patch level, there is currently a bug that breaks or severely slows certain web applications. For example, the BMC Service Desk (Magic) ticketing system runs VERY slowly, and certain web-based management platforms are broken completely.
At the moment the workaround is to disable HTTP scanning in the protection profile and not to apply any DLP settings for HTTP in the UTM config.

Fortinet has identified the root cause of this issue and a patch is scheduled to be included in FortiOS 4.0 MR1 Patch 5. Patch 5 is slated to be released towards the end of April.

** Update **

From the 4.0 MR1 Patch 5 release notes:

Description: The FortiGate may drop pipelined HTTP requests.
Bug ID: 120936
Status: Fixed in v4.0 MR1 - Patch Release 5.
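
A way to check whether pipelined HTTP requests survive a path, for example before and after the upgrade. This is an added example, not from the release notes or from Fortinet. The function and class names are made up for illustration, the local server is a constructed stand-in, and responses are assumed to be framed with Content-Length.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

def pipelined_statuses(host, port, paths, timeout=5.0):
    """Write every GET in one send on one connection; return the status codes that came back."""
    reqs = [f"GET {p} HTTP/1.1\r\nHost: {host}\r\n" for p in paths]
    burst = "\r\n".join(reqs[:-1] + [reqs[-1] + "Connection: close\r\n"]) + "\r\n"
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(burst.encode("ascii"))
        try:
            while chunk := s.recv(65536):
                data += chunk
        except OSError:
            pass  # timeout or reset: a stall is itself a symptom, parse what arrived
    statuses = []
    while data.startswith(b"HTTP/1."):
        head, sep, rest = data.partition(b"\r\n\r\n")
        if not sep:
            break
        lines = head.split(b"\r\n")
        statuses.append(int(lines[0].split()[1]))
        length = 0  # assumption: bodies are framed by Content-Length, not chunked
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-length":
                length = int(value)
        data = rest[length:]
    return statuses

class EchoPath(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"
    drop = False  # constructed: True mimics a device that drops the pipelined follow-ups

    def do_GET(self):
        body = self.path.encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
        self.close_connection = self.close_connection or self.drop

    def log_message(self, *args):
        pass  # keep the test server quiet

def start_server(drop=False):
    srv = ThreadingHTTPServer(("127.0.0.1", 0), type("H", (EchoPath,), {"drop": drop}))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv
```

Point `pipelined_statuses` at a web server reached through the firewall: fewer status codes than requests sent means pipelined requests were lost somewhere on the path.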

Wednesday, March 24, 2010

Software Updates

  • 4.0 MR1 Patch 4, Build 196
  • 4.0 GA Patch 2, Build 126
  • 4.0 MR1 Patch 4, Build 196

Tuesday, March 23, 2010

FortiGate GUI Problem with Firefox and Adblock Plus

Known to be affected:
  • FortiOS 4.0 MR1
  • Adblock Plus 1.1.X
If you are running the Adblock Plus plugin for Firefox, there are problems when expanding some of the "Advanced" fields in the firewall GUI. In particular:
  • Router -> Dynamic -> OSPF: The little blue triangle to expand the "Advanced Options" does not display but can be clicked if you know its location
  • VPN -> IPSEC -> Auto Key: The "Advanced" option buttons for both Phase 1 and 2 appear but do not expand the GUI when clicked.
The current workaround I found is to simply disable Adblock Plus for a particular firewall.

Saturday, March 20, 2010

Software Updates

  • 4.0, MR1 Patch 3, Build 143
  • 4.0 GA, Patch 2, Build 004
  • 4.0 GA, Build 199