FortiGate
Article Id 197225

Description
One common issue when using a FortiGate unit with antivirus configured is slow traffic or traffic timeouts, specifically with Apple iTunes downloads.

This article shows the steps to resolve this so that downloads from this site no longer fail. The procedure makes use of the Exempt feature, which allows traffic from a certain site to bypass all proxy actions.

Solution
iTunes connects to apple.com to download music. The FortiGate unit buffers anything it downloads, up to the antivirus threshold, before it sends anything to the client software. iTunes does not tolerate this delay and treats the connection as down.

You need to set up a URL exemption for apple.com to disable antivirus scanning of traffic from that website. Add apple.com to a Web Filter table, select Filter Exceptions, and use an action of Exempt.

To allow a bypass for iTunes:

  1. Go to Web Filter > URL filter > Create New. (Note: in FortiOS 4.0, this is located in UTM > Web Filter > Web Content Exempt.)
  2. Create a new group name and select OK.
  3. Select Create New, enter the following, and select OK.
    • URL - apple.com
    • Type - simple
    • Action - exempt.
  4. Go to Firewall > Protection Profile.
  5. Select Edit for the required protection profile.
  6. Select the blue arrow for Web Filtering to expand the options.
  7. Select the check box for Web Content Exempt, and select the filter group created in the steps above.
  8. Select OK.

 
