FortiGuard Block Page Missing Objects

AtiT · ‎05-12-2016

Hello,

I have a problem with the FortiGate-80D OS version 5.2.7.

When I block a HTTP page everyting is OK. When I block the same page but HTTPS the objects on the page (images) are missing.

HTTP example:

http://bwin.com/

AtiT

AtiT · ‎05-12-2016

HTTPS example:

https://bwin.com/

Anyone has a clue what is happening?

For HTTPS inspection I am using a self-signed CA certificate from Windows AD.

Using the built-in FortiSSL certificate everything is working well.

AtiT

AtiT · ‎05-12-2016

Ok it seems that it is something to do with Internet explorer, on Firefox everything looks good.

AtiT

AtiT · ‎05-13-2016

I found the problem, I had to set the same certificate used in SSL inspection under the user settings:

config user setting set auth-ca-cert "certificate-name" end

AtiT

AtiT · ‎10-07-2017

Hello, we are experiencing the same problem again, but now it does not matter whether HTTP or HTTPS and not related to browsers. It seems that bad URL is generated for some reasons.

I made some tests and find the sometimes "good" URLs and simetimes "bad" URLs are generated: OK http://url.fortinet.net/XX/YY/ZZ/CI/MGPGHGPGPFGHCDPFGGOGFGEH

http://url.fortinet.net/XX/YY/ZZ/CI/MGPGHGPGPFGHCDPFGGOGFGEH

http://url.fortinet.net:80/XX/YY/ZZ/CI/MGPGHGPGPFGHCDPFGGOGFGEH

http://url.fortinet.net:8008/XX/YY/ZZ/CI/MGPGHGPGPFGHCDPFGGOGFGEH

NOT OK http://url.fortinet.net:8/XX/YY/ZZ/CI/MGPGHGPGPFGHCDPFGGOGFGEH

http://url.fortinet.n/XX/YY/ZZ/CI/MGPGHGPGPFGHCDPFGGOGFGEH

http://url.fortinet.ne/XX/YY/ZZ/CI/MGPGHGPGPFGHCDPFGGOGFGEH

It is tested on FortiGate-60E and FortiOS 5.6.2.

Does anyone know why different URL is generated every time?

I can browse the http://url.fortinet.net/XX/YY/ZZ/CI/MGPGHGPGPFGHCDPFGGOGFGEH and I can see all the icons, but URL http://url.fortinet.net:8/XX/YY/ZZ/CI/MGPGHGPGPFGHCDPFGGOGFGEH does not exists.

Is it a bug?

AtiT