Description
Kaspersky uses ports 80 and 443 to register and download updates; if "SSL Inspection" is enabled on your policy then a "ssl exemption" will be required.
Solution
1) Create two FQDN objects
config firewall address
edit "Kaspersky_0"
set type fqdn
set fqdn "*kaspersky.com"
next
edit "Kaspersky_1"
set type fqdn
set fqdn "*kaspersky-labs.com"
next
end
2) Add the FQDN objects to "ssl exempt" on the FULL SSL Inspection profile
config firewall ssl-ssh-profile
edit "your_FULL_ssl_inspection_profile"
config ssl-exempt
edit 0
set type address
set address "Kaspersky_0"
next
edit 3
set type address
set address "Kaspersky_1"
next
end
end
