Tuesday, March 30, 2010

HTTP A/V Scanning breaking Web Applications

If you are running FortiOS 4.0 MR1 at pretty much any patch level, there is currently a bug which breaks or severely slows certain web applications. For example, the BMC Service Desk (Magic) ticketing system runs VERY slowly, and certain web-based management platforms are broken completely.
At the moment the workaround is to disable HTTP scanning in the protection profile and not to apply any DLP settings for HTTP in the UTM config. Be aware that this also means HTTP traffic matching that profile is no longer virus-scanned by the FortiGate until the fix ships, so weigh that against the broken applications before rolling the workaround out broadly.

Fortinet has identified the root cause of this issue and a patch is scheduled to be included in FortiOS 4.0 MR1 Patch 5. Patch 5 is slated to be released towards the end of April.

** Update **

From the 4.0 MR1 Patch 5 release notes:

Description: The FortiGate may drop pipelined HTTP requests.
Bug ID: 120936
Status: Fixed in v4.0 MR1 - Patch Release 5.
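Since the release note pins the root cause on pipelined HTTP requests being dropped, a quick way to confirm whether a firewall in the path is affected is to send several requests down one connection in a single write and count how many responses come back. The script below is an added example and is not from the original post or from Fortinet: it starts a small local HTTP/1.1 server (so it runs offline), pipelines three GETs to it, and returns the parsed responses. Point `pipelined_get` at a real host behind the FortiGate instead and a shortfall of responses (fewer received than sent) is the symptom described above. Host, port and paths are placeholders chosen for the demo.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class _EchoPathHandler(BaseHTTPRequestHandler):
    """Minimal HTTP/1.1 server used only so the example can run offline.

    protocol_version must be HTTP/1.1 so the connection is kept alive and
    the pipelined requests are served from the same socket.
    """
    protocol_version = "HTTP/1.1"

    def do_GET(self):
        body = f"path={self.path}\n".encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_local_server():
    """Bind to an ephemeral port on loopback and serve in a daemon thread."""
    srv = HTTPServer(("127.0.0.1", 0), _EchoPathHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def _parse_one_response(buf):
    """Split one complete Content-Length framed response off the front of buf.

    Returns (status, body, remaining_bytes) or None if buf is incomplete.
    Chunked encoding is not handled; the check only needs plain responses.
    """
    end = buf.find(b"\r\n\r\n")
    if end < 0:
        return None
    head = buf[:end].decode("iso-8859-1").split("\r\n")
    status = int(head[0].split(" ", 2)[1])
    clen = 0
    for line in head[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "content-length":
            clen = int(value.strip())
    start = end + 4
    if len(buf) < start + clen:
        return None
    return status, buf[start:start + clen], buf[start + clen:]


def pipelined_get(host, port, paths, timeout=3.0):
    """Send every GET in paths in ONE write, then read back as many responses
    as arrive before the server closes or the timeout expires.

    A correct proxy returns len(paths) responses in order; a proxy that drops
    pipelined requests returns fewer.
    """
    requests = []
    for i, p in enumerate(paths):
        conn = "close" if i == len(paths) - 1 else "keep-alive"
        requests.append(
            f"GET {p} HTTP/1.1\r\nHost: {host}\r\nConnection: {conn}\r\n\r\n".encode()
        )
    responses, buf = [], b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"".join(requests))  # all requests hit the wire together
        while len(responses) < len(paths):
            try:
                chunk = s.recv(65536)
            except socket.timeout:
                break  # the remaining responses never came: symptom of the bug
            if not chunk:
                break  # peer closed early
            buf += chunk
            while True:
                parsed = _parse_one_response(buf)
                if parsed is None:
                    break
                status, body, buf = parsed
                responses.append((status, body))
    return responses


def run_local_check(paths=("/a", "/b", "/c")):
    """Run the pipelining check against the built-in server; returns responses."""
    srv = start_local_server()
    try:
        return pipelined_get("127.0.0.1", srv.server_address[1], list(paths))
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    paths = ["/a", "/b", "/c"]
    got = run_local_check(paths)
    print(f"sent {len(paths)} pipelined requests, received {len(got)} responses")
```

Run it once on a host that is not behind the FortiGate to see the expected "sent 3, received 3" baseline, then against the same kind of server through the firewall with HTTP scanning enabled; if the count drops, you are looking at this bug rather than at the application.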


Paulo Raponi said...

If this is a know bug and a lot of users are affected, I think Fortinet can put this update on the road asap...

Sebastian said...

Yup, that's what we are pushing for. Turning the bug fix around for the very next patch release is a credit to Fortinet's engineering team. Obviously they have to freeze the code at some point to make sure they do proper QA testing on it before releasing it. I'd rather wait a few days to make sure the code is good than get a new patch that fixes one bug but introduces more.

The joy of software development :)

John said...

I came across what sounds like the issue with 4.0MR1 (no patch) where images would often not show up on web sites if you have AV on. Patch 1 fixed it... sounds like it did not completely fix it.... bummer.
On a related issue, we have a customer whose 110Cs would freeze with a kernel panic. Not good. They fixed that (knock on wood) in the patch released about a week ago.