Created on 01-29-2007 12:00 AM
Description | The FortiGate unit blocks a Smart-Phone accessing RSS feeds on port 80 (HTTP). |
Components |
|
Steps or Commands | IssueWhen a user uses a Smart-Phone to access RSS feeds, the FortiGate HTTP proxy allows TCP handshake for non HTTP traffic. As soon the data transfer begins, the FortiGate unit blocks the traffic because the proxy does not recognize it. This is expected behavior. Since the dropped packets are not HTTP traffic, but are using TCP port 80 to communicate with the server, the proxy will block them. SolutionIn most cases, the solution is to use a firewall policy without a protection profile (no proxy enabled) with the RSS server's Fully Qualified Domain Name (FQDN) as the destination address. There has been cases where the RSS server (www.avantgo.com for example) had a different IP resolved by the DNS, than the Smart-Phone. A fixed destination address (which Smart-Phones use) was used. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.