HTTP A/V Scanning breaking Web Applications

If you are running FortiOS 4.0 MR1 at pretty much any patch level there is currently a bug which breaks or severely slows certain web applications. For example the BMC Service Desk (Magic) Ticketing systems runs VERY slow. Also certain web-based management platforms are broken completely.
At the moment the workaround is to disable HTTP scanning in the protection profile and to not apply any DLP settings for HTTP in the UTM config.

Fortinet has identified the root cause of this issue and a patch is scheduled to be included in FortiOS 4.0 MR1 Patch 5. Patch 5 is slated to be released towards the end of April.

** Update **


From the 4.0 MR1 Patch 5 release notes:


Description: The FortiGate may drop pipelined HTTP requests.
Bug ID: 120936
Status: Fixed in v4.0 MR1 - Patch Release 5.

Software Updates

FortiOS

• 4.0 MR1 Patch 4, Build 196

FortiMail

• 4.0 GA Patch 2, Build 126

FortiCarrier

• 4.0 MR1 Patch 4, Build 196

Fortigate GUI Problem with Firefox and Adblock Plus

Known to be affected:

• FortiOS 4.0 MR1
• Adblock Plus 1.1.X

If you are running the Adblock Plus plugin for Firefox there are problems when expanding some of the "Advanced" fields in the firewall GUI. In particular

• Router -> Dynamic -> OSPF: The little blue triangle to expand the "Advanced Options" does not display but can be clicked if you know its location
• VPN -> IPSEC -> Auto Key: The "Advanced" option buttons for both Phase 1 and 2 appear but do not expand the GUI when clicked.

The current workaround I found is to simply disable Adblock Plus for a particular firewall.

Software Updates

FortiClient

• 4.0, MR1 Patch 3, Build 143

FortiDB

• 4.0 GA, Patch 2, Build 004

FortiWeb

• 4.0 GA, Build 199