What are two reasons for the failed virus detection by FortiGate?

A network administrator enabled antivirus and selected an SSL inspection profile on a firewall policy. When downloading an EICAR test file through HTTP, FortiGate detects the virus and blocks the file. When downloading the same file through HTTPS, FortiGate does not detect the virus and does not block the file, allowing it to be downloaded.

The administrator confirms that the traffic matches the configured firewall policy.

What are two reasons for the failed virus detection by FortiGate? (Choose two.)

A. The website is exempted from SSL inspection.

B. The EICAR test file exceeds the protocol options oversize limit.

C. The selected SSL inspection profile has certificate inspection enabled.

D. The browser does not trust the FortiGate self-signed CA certificate.

Answer: A,C

Explanation:

Two possible explanations for FortiGate’s failure to detect the virus are:

A. The website is exempted from SSL inspection: If the website hosting the EICAR test file is exempt from SSL inspection, FortiGate never decrypts that HTTPS session and cannot inspect its content, so the virus goes undetected.

C. The selected SSL inspection profile has certificate inspection enabled: If the SSL inspection profile applied to the policy uses certificate inspection, FortiGate only inspects the certificate presented during the TLS handshake and does not decrypt the payload, so the antivirus engine never sees the downloaded file inside the HTTPS traffic.

Deep inspection needs to be enabled.

We’re not talking about certificate trust warnings. The file was not decrypted, thus the antivirus engine could not recognize the payload as a virus.

While offering some level of security, certificate inspection does not permit the inspection of encrypted data. p. 333 Deep-Inspection is required instead of Certificate-based to ensure content inspection.
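Added example (not part of the original question or of any Fortinet material): a small Python audit that parses a constructed FortiOS-style `ssl-ssh-profile` / `firewall policy` configuration and flags both conditions discussed above, a policy whose profile only does `certificate-inspection` on HTTPS (reason C) and a deep-inspection profile that carries `ssl-exempt` entries (reason A). The sample config, the `eicar-host` address object and the helper names are assumptions, and the audit assumes antivirus is applied on each policy, as in the question.

```python
SAMPLE = """config firewall ssl-ssh-profile
    edit "certificate-inspection"
        config https
            set status certificate-inspection
        end
    next
    edit "deep-inspection"
        config https
            set status deep-inspection
        end
        config ssl-exempt
            edit 1
                set address "eicar-host"
            next
        end
    next
end
config firewall policy
    edit 1
        set ssl-ssh-profile "certificate-inspection"
        set av-profile "default"
    next
    edit 2
        set ssl-ssh-profile "deep-inspection"
        set av-profile "default"
    next
end"""  # constructed FortiOS-style config, not taken from a real device

def parse_fortios(text):
    stack = [{}]  # nested dicts: config/edit push a level, next/end pop it
    for line in text.splitlines():
        kw, _, arg = line.strip().partition(" ")
        if kw in ("config", "edit"):
            stack.append(stack[-1].setdefault(arg.strip('"'), {}))
        elif kw == "set":  # "set key value" -> leaf, surrounding quotes dropped
            key, _, val = arg.partition(" ")
            stack[-1][key] = val.strip('"')
        elif kw in ("next", "end"):
            stack.pop()
    return stack[0]

def audit(cfg):  # policies whose SSL profile leaves HTTPS payloads unscanned by AV
    profiles, findings = cfg.get("firewall ssl-ssh-profile", {}), []
    for pid, pol in cfg.get("firewall policy", {}).items():
        prof = profiles.get(pol.get("ssl-ssh-profile"), {})
        if prof.get("https", {}).get("status") != "deep-inspection":
            findings.append((pid, "HTTPS not decrypted: AV cannot scan payload"))
        elif prof.get("ssl-exempt"):
            findings.append((pid, "ssl-exempt entries: exempted sites bypass AV"))
    return findings
```

Running `audit(parse_fortios(SAMPLE))` reports policy 1 for certificate-only inspection and policy 2 for its exemption; a policy bound to a deep-inspection profile with no exemptions produces no finding.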
