We confirmed with Fortinet today that a bug that was fixed in 4.1.6 apparently exists in 4.2.x. It is scheduled to be fixed (again) in 4.2.6.
Here is the original problem from March 2010. It's not a good thing that this was fixed a year ago and is still around in newer builds of the 4.2 branch.
http://firewallguru.blogspot.com/2010/03/http-av-scanning-breaking-web.html
** Update **
Due to 4.2.6 being a quick fix for the split TCP handshake, the bug fix will be included in 4.2.7.
Does switching to flow-based A/V scanning help? Definitely frustrating.
Does it exist in 4.3?
This issue became apparent again in 4.2.2 for some of our customers. I personally noticed it on Netflix the most.
4.2.4 has a fix for the page loading problem with AV+IPS in the protection profile (personally noticed in 4.2.2).
So this is another bug if I get it right?
We see this on some customers running OS 4.2.2 and 4.2.3 - The websites load but some images are broken.
Any guesses on the release of 4.2.6?
Right now unofficially Q3 2011.
Looks like 4.2.5 is out
MR2 Patch 5
Build 0315
Does 4.2.5 fix this bug yet?
Fortinet confirmed to me that this will be fixed in 4.2.6 and later.
Hi Sebastian!
I can confirm that this problem still exists on 4.2.6. I have a customer with a FGT60C cluster who's not able to do HTTP requests. It seemed to work after upgrading to 4.2.6, but if there are a lot of sessions starting at the same time (>200) it stops working. Scanning turned off in policy -> everything works well again ...