Friday, March 25, 2011

HTTP A/V scanning breaks web requests - it's back

We confirmed with Fortinet today that a bug that was fixed in 4.1.6 apparently exists in 4.2.x. It is scheduled to be fixed (again) in 4.2.6.

Here is the original problem from March 2010. It's not a good thing that this was fixed a year ago and is still around in newer builds of the 4.2 branch.
http://firewallguru.blogspot.com/2010/03/http-av-scanning-breaking-web.html

** Update **

Because 4.2.6 is a quick fix for the split TCP handshake, the fix for this bug will be included in 4.2.7.

11 comments:

Anonymous said...

Does switching to flow-based A/V scanning help? Definitely frustrating.

Anonymous said...

Does it exist in 4.3 ?

Anonymous said...

This issue became apparent again in 4.2.2 for some of our customers. I personally noticed it on Netflix the most.

bmann said...

4.2.4 has a fix for the page loading problem with AV+IPS in a protection profile (personally noticed in 4.2.2).
So this is another bug if I get it right?

Paulo Raponi said...

We see this on some customers running OS 4.2.2 and 4.2.3 - The websites load but some images are broken.

Anonymous said...

Any guesses on the release of 4.2.6?

Sebastian said...

Right now unofficially Q3 2011.

Anonymous said...

Looks like 4.2.5 is out

MR2 Patch 5
Build 0315

Anonymous said...

Does 4.2.5 fix this bug yet?

Sebastian said...

Fortinet confirmed to me that this will be fixed in 4.2.6 and later.

Claus said...

Hi Sebastian!

I can confirm that this problem still exists on 4.2.6. I have a customer with a FGT60C cluster who's not able to do HTTP requests. It seemed to work after upgrading to 4.2.6, but if there are a lot of sessions starting at the same time (>200) it stops working. Scanning turned off in policy -> everything works well again ...