Hot!Content Disarm and reconstruction

Author
Mohammed Khan
New Member
  • Total Posts : 7
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/02/25 06:41:14
  • Status: offline
2019/04/08 09:50:06 (permalink)
0

Content Disarm and reconstruction

when we enable content and disarm in antivirus  getting error when applied to a policy  "value conflicts with system settings"  with fortiOS 6.0.4 and 6.2
#1

7 Replies Related Threads

    Markus
    Gold Member
    • Total Posts : 200
    • Scores: 25
    • Reward points: 0
    • Joined: 2015/03/19 07:30:23
    • Location: Switzerland
    • Status: offline
    Re: Content Disarm and reconstruction 2019/04/08 22:49:16 (permalink)
    #2
    Alivo_ FTNT
    Silver Member
    • Total Posts : 74
    • Scores: 22
    • Reward points: 0
    • Joined: 2013/04/30 12:42:47
    • Location: Fortinet TAC Prague
    • Status: offline
    Re: Content Disarm and reconstruction 2019/04/14 08:03:18 (permalink)
    0

    Hello,
    The message you receive when attempting to enable Content Disarm and Reconstruction on the AntiVirus profile, is because the Proxy Options settings in the CLI Console have splice and clientcomfort on CDR-supported protocols enabled. To fix it please do: 

    config firewall profile-protocol-options 
    edit custom-default 
    config smtp 
    unset options splice 
    next 
    config http 
    unset options clientcomfort 
    next 
    end 
    end 

    You should also confirm the AntiVirus profile’s protocol settings under config antivirus profile: 

    ensure that set options scan is enabled on CDR-supported protocols 
    if set options av-monitor is configured on a CDR-supported protocol , it overrides the config content-disarm detect-only setting (and CDR will not occur) 

    CDR supported protocols are: 

    http 
    smtp 
    imap 
    pop3
    I hope this helps

    Alivo
    #3
    dbaddorf
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2017/02/09 08:45:21
    • Status: offline
    Re: Content Disarm and reconstruction 2019/07/03 12:14:58 (permalink)
    0
       With 6.0.4 I too am having the problem where when I try to enable "Content Disarm and Reconstruction" in the Security Profiles - AntiVirus, I get the message: "Value conflicts with system settings".  This is when logged into the Global VDOM.  (The root VDOM didn't give me an Apply button to save changes so I'm assuming that I need to be in the Global VDOM).
     
        I tried to follow the instructions from Alivo which didn't work exactly.  I can't use the "config firewall profile-protocol-options" for the "config global".  I need to be in my root VDOM.  But even from here after I removed splice from SMTP (and I didn't see clientcomfort anywhere) I couldn't enable the "Content Disarm and Reconstruction" in the GUI.
     
       Here are my settings for the root VDOM:
    config firewall profile-protocol-options
    edit "default"
    set comment "All services."
    config http
    set ports 80
    unset options
    unset post-lang
    end
    config ftp
    set ports 21
    set options splice
    end
    config imap
    set ports 143
    set options fragmail
    end
    config mapi
    set ports 135
    set options fragmail
    end
    config pop3
    set ports 110
    set options fragmail
    end
    config smtp
    set ports 25
    set options fragmail splice
    end
    config nntp
    set ports 119
    set options splice
    end
    config dns
    set ports 53
    end
    next
    edit "custom-default"
    set comment "All default services."
    config http
    set ports 80
    unset options
    unset post-lang
    end
    config ftp
    set ports 21
    set options splice
    end
    config imap
    set ports 143
    set options fragmail
    end
    config mapi
    set ports 135
    set options fragmail
    end
    config pop3
    set ports 110
    set options fragmail
    end
    config smtp
    set ports 25
    set options fragmail
    end
    config nntp
    set ports 119
    set options splice
    end
    config dns
    set ports 53
    end
    next
    end
     
       Any idea of how I can enable "Content Disarm and Reconstruction" for my root VDOM?
     
    Thanks!
     
    #4
    PeterKiarie
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/07/13 03:02:55
    • Status: offline
    Re: Content Disarm and reconstruction 2019/07/15 23:11:34 (permalink)
    0
    Thanks for sharing this solution. I am sure other users will benefit from you.
    #5
    jasont230
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/09/07 19:25:59
    • Status: offline
    Re: Content Disarm and reconstruction 2019/09/07 19:33:54 (permalink)
    0
    I'm also having this same issue. When I run the command "unset options splice" it gives the error - "command parse error before 'splice'. command fail. return code -61"
     
    Any ideas?
    #6
    JayL
    New Member
    • Total Posts : 9
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/09/02 12:54:45
    • Status: offline
    Re: Content Disarm and reconstruction 2019/09/16 06:04:35 (permalink)
    0
    jasont230
    I'm also having this same issue. When I run the command "unset options splice" it gives the error - "command parse error before 'splice'. command fail. return code -61"
     
    Any ideas?




    If you type unset options ?, you will see there is nothing supposed to be after the options. I guess the syntax has been changed in 6.2, you just need to type unset options.
    #7
    walvis
    New Member
    • Total Posts : 5
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/07/30 06:49:39
    • Status: offline
    Re: Content Disarm and reconstruction 2019/10/16 03:12:40 (permalink)
    0
    Hello,
     
    same configuration that dbaddorf and same error. Version 6.0.6. I created a new profile protocol with all options disabled and same result.
     
    Did you figure out how to enabled it?
     
     
    #8
    Jump to:
    © 2019 APG vNext Commercial Version 5.5