We confirmed with Fortinet today that a bug that was fixed in 4.1.6 apparently exists in 4.2.x. It is scheduled to be fixed (again) in 4.2.6.
Here is the original problem from March 2010. It's not a good thing that this was fixed a year ago and is still around in newer builds of the 4.2 branch.
http://firewallguru.blogspot.com/2010/03/http-av-scanning-breaking-web.html
** Update **
Due to 4.2.6 being a quick fix for the split tcp handshake the bug fix will be included in 4.2.7.
14 comments:
Does switching to flow-based A/V scanning help? Definitely frustrating.
Does it exist in 4.3 ?
This issue became apparent again in 4.2.2 for some of our customers. I personally noticed on netflix the most.
In 4.2.4 is fix of page loading problem with AV+IPS in protection profile (personaly noticed in 4.2.2).
So this is another bug if I get it right?
We see this on some customers running OS 4.2.2 and 4.2.3 - The websites load but some images are broken.
Any guesses on the release of 4.2.6?
Right now unofficially Q3 2011.
looks like 4.2.5 is out
MR2 Patch 5
Build 0315
Does 4.2.5 fixed this bug yet?
Fortinet confirmed to me that this will be fixed in 4.2.6 and later.
Hi sebastian!
I can confirm that this problem still exists on 4.2.6, i have a customer with a FGT60C cluster who's not able to do HTTP requests. It seemed to work after upgrading to 4.2.6, but if there are a lot of sessions starting at the same time (>200) it stops working. Scanning turned off in policy -> everything works well again ...
C9200L-24P-4X-E
sxhj sacjsa hj csa
C9200-48T-E hjsa csas aacs
C9300-24T-E xs xsjsa csa csa
Post a Comment