Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Mohammed_Khan
New Contributor

Content Disarm and reconstruction

when we enable content and disarm in antivirus  getting error when applied to a policy  "value conflicts with system settings"  with fortiOS 6.0.4 and 6.2

10 REPLIES 10
Markus
Valued Contributor

This has helped me

https://cookbook.fortinet.com/content-disarm-reconstruction-60/

 

Good Luck


________________________________________________________
--- NSE 4 ---
________________________________________________________

________________________________________________________--- NSE 4 ---________________________________________________________
Alivo__FTNT

Hello, The message you receive when attempting to enable Content Disarm and Reconstruction on the AntiVirus profile, is because the Proxy Options settings in the CLI Console have splice and clientcomfort on CDR-supported protocols enabled. To fix it please do:  config firewall profile-protocol-options  edit custom-default  config smtp  unset options splice  next  config http  unset options clientcomfort  next  end  end  You should also confirm the AntiVirus profile’s protocol settings under config antivirus profile:  ensure that set options scan is enabled on CDR-supported protocols  if set options av-monitor is configured on a CDR-supported protocol , it overrides the config content-disarm detect-only setting (and CDR will not occur)  CDR supported protocols are:  http  smtp  imap  pop3

I hope this helps Alivo

livo

dbaddorf

   With 6.0.4 I too am having the problem where when I try to enable "Content Disarm and Reconstruction" in the Security Profiles - AntiVirus, I get the message: "Value conflicts with system settings".  This is when logged into the Global VDOM.  (The root VDOM didn't give me an Apply button to save changes so I'm assuming that I need to be in the Global VDOM).

 

    I tried to follow the instructions from Alivo which didn't work exactly.  I can't use the "config firewall profile-protocol-options" for the "config global".  I need to be in my root VDOM.  But even from here after I removed splice from SMTP (and I didn't see clientcomfort anywhere) I couldn't enable the "Content Disarm and Reconstruction" in the GUI.

 

   Here are my settings for the root VDOM:

config firewall profile-protocol-options edit "default" set comment "All services." config http set ports 80 unset options unset post-lang end config ftp set ports 21 set options splice end config imap set ports 143 set options fragmail end config mapi set ports 135 set options fragmail end config pop3 set ports 110 set options fragmail end config smtp set ports 25 set options fragmail splice end config nntp set ports 119 set options splice end config dns set ports 53 end next edit "custom-default" set comment "All default services." config http set ports 80 unset options unset post-lang end config ftp set ports 21 set options splice end config imap set ports 143 set options fragmail end config mapi set ports 135 set options fragmail end config pop3 set ports 110 set options fragmail end config smtp set ports 25 set options fragmail end config nntp set ports 119 set options splice end config dns set ports 53 end next end

 

   Any idea of how I can enable "Content Disarm and Reconstruction" for my root VDOM?

 

Thanks!

 

jasont230

I'm also having this same issue. When I run the command "unset options splice" it gives the error - "command parse error before 'splice'. command fail. return code -61"

 

Any ideas?

JayL
New Contributor

jasont230 wrote:

I'm also having this same issue. When I run the command "unset options splice" it gives the error - "command parse error before 'splice'. command fail. return code -61"

 

Any ideas?

If you type unset options ?, you will see there is nothing supposed to be after the options. I guess the syntax has been changed in 6.2, you just need to type unset options.

walvis
New Contributor

Hello,

 

same configuration that dbaddorf and same error. Version 6.0.6. I created a new profile protocol with all options disabled and same result.

 

Did you figure out how to enabled it?

 

 

jim3cantos
New Contributor III

walvis wrote:

Hello,

 

same configuration that dbaddorf and same error. Version 6.0.6. I created a new profile protocol with all options disabled and same result.

 

Did you figure out how to enabled it?

 

 

In our case, with FortiOS 6.0.7, after getting the the error indicated by the OP, we also tried to disable CDR completely. We didn't receive any error and all CDR options are disabled in active AV profile (checking from CLI) but still the Fortigate keeps scanning the files with the option "detected-only". Ticket opened in Fortinet Support.

José Ignacio Martín Jiménez
José Ignacio Martín Jiménez
PeterKiarie

Thanks for sharing this solution. I am sure other users will benefit from you.

JulJameson
New Contributor

most likely you need to add an exception

Labels
Top Kudoed Authors