Article Id 197816
Description: Adding an ‘Encrypt’ firewall policy prevents Antivirus/NIDS updates and FortiGuard services from working
Components
  • All FortiGate units running FortiOS 2.8.

Steps or Commands

Issue

Upon creating/adding an ‘Encrypt’ Firewall Policy, the following FortiGate features stop functioning:

  • FortiGuard services that provide antivirus/NIDS updates, anti-SPAM and URL Category blocking.
  • FortiGate generated DNS lookups.
  • Other FortiGate generated traffic, such as Email Alerts and SNMP Traps, may also fail, depending on the intended destination. (See the Fortinet Knowledge Base article "Traffic types and ports used".)

Cause

The ‘Encrypt’ Firewall Policy was created with external_all (0.0.0.0/0.0.0.0) as the destination subnet. Because that subnet matches every destination, all FortiGate generated traffic (FortiGuard update requests, DNS lookups, alerts, traps) is inserted into the IPSec tunnel instead of leaving unencrypted onto the Internet, where its intended destinations are.

Solution

Modify the ‘Encrypt’ policy to use a specific Destination (and Source) subnet value, so that only traffic for the remote site is matched and FortiGate generated traffic continues to follow the normal route.
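As an added example (not part of the original article or Fortinet's own tooling), the following script audits a FortiOS-style `config firewall policy` dump and reports Encrypt policies whose destination is a catch-all such as external_all. The CLI keywords it looks for (`set action encrypt`, `set dstaddr`) and the sample configuration are assumptions constructed for illustration, not copied from a real unit.

```python
"""Flag 'Encrypt' firewall policies whose destination is a catch-all subnet.

Such a policy pulls all firewall-generated traffic (FortiGuard updates, DNS,
alerts, traps) into the IPSec tunnel. The CLI layout parsed here is assumed."""
from dataclasses import dataclass, field

# Address names treated as "everything"; 'external_all' is the name from the
# article, the others are plausible aliases added for completeness (assumption).
CATCH_ALL = {"external_all", "all", "0.0.0.0/0.0.0.0", "0.0.0.0/0"}


@dataclass
class Policy:
    id: str
    settings: dict = field(default_factory=dict)


def parse_policies(text: str) -> list:
    """Minimal parser for 'config firewall policy' ... 'end' blocks."""
    policies, current, in_block = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "config firewall policy":
            in_block = True
        elif not in_block:
            continue
        elif line.startswith("edit "):
            current = Policy(line.split(None, 1)[1].strip('"'))
        elif line.startswith("set ") and current is not None:
            key, _, value = line[4:].partition(" ")
            current.settings[key] = value.strip('"')
        elif line == "next" and current is not None:
            policies.append(current)
            current = None
        elif line == "end":
            in_block = False
    return policies


def find_catch_all_encrypt(policies: list) -> list:
    """Return ids of encrypt policies that would match every destination."""
    return [p.id for p in policies
            if p.settings.get("action") == "encrypt"
            and p.settings.get("dstaddr") in CATCH_ALL]


# Constructed sample: policy 1 reproduces the misconfiguration, policy 2 the fix.
SAMPLE = """config firewall policy
    edit 1
        set srcaddr internal_all
        set dstaddr external_all
        set action encrypt
    next
    edit 2
        set srcaddr internal_all
        set dstaddr branch_lan
        set action encrypt
    next
end"""
```

Run `find_catch_all_encrypt(parse_policies(SAMPLE))` against a real config dump to list the policy ids that need a specific destination subnet.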
Related Articles

Technical Note: Traffic Types and TCP/UDP Ports used by Fortinet Products