Created on 02-19-2008 12:00 AM
Description | Oversize function for the AntiVirus Scan threshold considerations. |
Components |
|
Steps or Commands | To limit the in-memory file size that a FortiGate unit can scan, you can define the oversize threshold. If a file size is larger than this size threshold, the FortiGate unit will either pass or block the file. You can set the threshold in the AntiVirus section of the Protection Profile by going to Firewall> Protection Profile. HTTP compression (widely known as Content Encoding) is a method to compress original data. Based on the original data type, the compression ratio can be as much as 1/4 of its original size. Considering that some files that are actually greater than the oversize threshold (yet far smaller when compressed and passed using Content-Encoding method, such as gzip, deflate or compress), the FortiGate unit calculates a threshold of 1/3 of the actual threshold defined to prevent such encoded files from getting through. For such designed behavior, HTTP compressed (Content-Encoded) data may trigger an oversize action (pass or block) at a time when the FortiGate unit buffers 1/3 of the threshold data. This behavior is currently under investigation for future releases. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.