Description
This article provides the information on particular system event which can be seen.
Scope
FortiGate.
Solution
If the AV profile is applied in policy there can be some random websites which can be blocked and below system event can be observed for the traffic:
'Scanunit failed due to internal error: Content decode failed'
The error can be due to the HTTP inspection enabled in the AV profile.
There can be some web-traffic which use some random port instead of port 80 only, so the traffic is blocked which uses that port when HTTP enabled.
To avoid this the HTTP have to be disabled in AV profile.
Run the below command in AV profile which has been applied in policy:
config antivirus profile
edit <antivirus profile name>
config http
set av-optimize disable
end
diag autoupdate versions
Note:
The option 'set av-optimize' has been removed from 6.2.2 CLI and above:
Configure AntiVirus profiles.
Configure AntiVirus profiles.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.