This article describes the implementation of ZSTD encoding and the possible workarounds for enabling access to these sites.
FortiOS.
ZSTD is a compression mechanism, lossless and faster than others extensively used so far.
It is also known as Zstandard (RFC 8878), published in 2021, and is increasingly used to deliver real-time compression content.
The challenge that this encoding poses is that the inspection done on the firewall requires an additional decoder and processing power.
At the moment, this decoder is implemented in FortiOS for other uses, but not for inspection. This means that the inspection profiles applied to a policy that is supposed to allow sites with zstd-encoded content will fail. As a result, the browser will display an error instead of the website's content compressed with ZSTD.
FortiOS ZSTD support is currently under development (tracked internally under NFR 1004320).
What can be done / workarounds until this is officially supported:
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.