
Long story short, at our office network, we can't really stream certain things. Last.fm downloads an entire song before playing it, and YouTube loads and then all of a sudden the entire video is loaded and it plays. It won't play beforehand.

iTunes radio streams fine.

Is there a router setting or something else in our network hardware that would affect this? I'm currently on a Linksys Wireless-N router (the standard black spaceship looking thing) and we have some other stuff in the server room (not exactly sure what), but if there is a setting I can look for I can go in and poke around.

EDIT: The firewall appliance we have is a FortiGate of sorts, I believe something in the 60 series.

It's a FortiGate 60M.

Talking to some other folks here, we know it's the Fortigate that's causing the problem.

EDIT: Turning off AV fixed the problem (it was expired anyway).

Daniel Huckstep
  • You want the name of a setting to change on a set of equipment that neither you nor any of us know the slightest bit about? – womble Nov 26 '09 at 22:36
  • Something like disabling streaming, or something relating to that seems somewhat generic. The wireless routers we have are standard Linksys ones, the switches are nothing fancy (I don't even believe they are managed). Now that I think about it, the only weird part is the firewall, which is a Fortigate mystery model. – Daniel Huckstep Nov 26 '09 at 22:43
  • Even if a lot of devices had an explicit "disable streaming" option (and I've not come across one yet), you can bet they'd call it different things ("Traf-o-shape mode 17" or something). It's *far* more likely, though, that it's an unrelated setting (like a firewalled port) that has a side-effect of killing streaming. – womble Nov 26 '09 at 22:50
  • I added some info. – Daniel Huckstep Nov 26 '09 at 22:52
  • The FortiGate is doing on the fly AntiVirus scanning amongst other things. So it might not be allowing the Last.fm or YouTube content to hit your network until it has scanned it. – Sim Nov 26 '09 at 23:44
  • Also, are you sure that the FortiGate isn't there to stop or slow you from getting to YouTube or Last.fm? – Sim Nov 26 '09 at 23:47
  • No, there are only 6 of us in this office, and we pass random videos around during the lunch break. We don't restrict any internet stuff. – Daniel Huckstep Nov 27 '09 at 04:35
  • We turned off AV since it was expired anyway and not doing any good, and it fixed the problem. – Daniel Huckstep Jan 01 '10 at 22:08

1 Answer


What you're seeing is the device wanting to scan any file that is less than the threshold you've set. I think the default on the 60 models is 10 megs.

Edit: Now that the office is cleared out for the day I was able to try a few things out. I've found that lowering the threshold on the size of the file that AV is scanning in the protection profile that's applied to web surfing from the office to 2MB on HTTP traffic fixed all the streaming issues I ran into with YouTube and Last.fm.


Edit: Below is my original answer which, now that I've had a chance to try it, didn't work. But I'll leave it here in case this may solve a related problem for someone.

If you trust the content coming from these sites you can add them to a separate firewall rule with the protection profile of unfiltered to essentially whitelist these domains from being scanned, with something like this in your config:

config firewall policy
    edit 41
        set srcintf "wan2"
        set dstintf "internal1"
        set srcaddr "Last FM"
        set dstaddr "ANY"
        set action accept
        set status disable
        set schedule "always"
        set service "ANY"
        set profile-status enable
        set profile "unfiltered"
        set nat enable
    next
end
config firewall address
    edit "Last FM"
        set type fqdn
        set fqdn "*.last.fm"
    next
end

Just make sure that this firewall rule is before your rules that are more protective policies. Also make sure you are willing to accept the risks associated with this configuration.

3dinfluence
  • If the AV was still a concern for us, this would be the way to go. Accepting since it's a better solution than simply turning off the AV. – Daniel Huckstep Jan 01 '10 at 22:10
  • Well, unless you have a larger FortiGate there's still a limit on the size of what's getting scanned. Even with a lower threshold on HTTP traffic, mail and FTP traffic can still have independent threshold limits. Luckily most threats ride in on small payloads, so I don't think you're assuming too much risk by lowering the threshold on HTTP traffic. But remember there's always larger things getting past the gateway unscanned. Security in layers is still the best approach, so scanning at the gateway doesn't get rid of the need for AV on the desktops. – 3dinfluence Jan 02 '10 at 15:54
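
The buffer-then-scan behaviour and the threshold trade-off discussed in this answer and its comments, as an added example (not part of the original posts and not FortiOS code). It is a simplified Python model that assumes the gateway knows each object's size up front and that scan time is negligible; the file names, sizes and link rate are constructed.

```python
# Added illustration: a simplified model of a scanning gateway, not FortiOS code.
# All names, sizes and the link rate below are constructed assumptions.
from dataclasses import dataclass

MB = 1024 * 1024
CHUNK = 64 * 1024
LINK_BYTES_PER_S = 512 * 1024  # assumed WAN throughput


@dataclass
class Delivery:
    scanned: bool        # did the gateway AV-scan the object?
    first_byte_s: float  # when the client receives its first byte
    done_s: float        # when the client has the whole object


def deliver(size, threshold, rate=LINK_BYTES_PER_S):
    """Model one HTTP download through the gateway.

    Assumption: the object's size is known up front (Content-Length).
    Objects at or under the threshold are held until complete and scanned
    (scan time ignored); larger ones are forwarded chunk by chunk, unscanned.
    """
    oversize = size > threshold
    received, clock, first_byte = 0, 0.0, None
    while received < size:
        n = min(CHUNK, size - received)
        received += n
        clock += n / rate
        if oversize and first_byte is None:
            first_byte = clock  # forwarded as soon as it arrives
    if not oversize:
        first_byte = clock  # released only after the full object is buffered
    return Delivery(not oversize, first_byte, clock)


def compare(objects, thresholds_mb):
    """Return {(name, threshold_mb): Delivery} for every combination."""
    return {(name, t): deliver(size, t * MB)
            for name, size in objects.items() for t in thresholds_mb}


# Constructed sample objects
OBJECTS = {"song.mp3": 4 * MB, "video.flv": 9 * MB, "setup.exe": 1 * MB}

if __name__ == "__main__":
    for (name, t), d in compare(OBJECTS, [10, 2]).items():
        print(f"{name:10} limit={t:>2}MB scanned={d.scanned!s:5} "
              f"first byte {d.first_byte_s:6.3f}s, complete {d.done_s:6.3f}s")
```

With the 10 MB limit the song and video reach the client only once fully downloaded; with the 2 MB limit they start immediately but are no longer scanned, while the 1 MB file is still held and scanned.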