Hot!5.6.0 breaks deep packet inspection

Author
gsarica
Bronze Member
  • Total Posts : 60
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/07/28 13:23:52
  • Status: offline
2017/05/22 06:26:04 (permalink)
0

5.6.0 breaks deep packet inspection

Going to open a ticket on this as well but wanted to see if anyone else had this same issue. Did the upgrade from 5.4.3 to 5.6.0 and as far as I can tell nothing changed in our policies except the deep packet inspection profile was automatically renamed from 'deep-inspection' to '__upg_deep-inspection' for some reason. Applications like Skype and Outlook are no longer connecting even though exceptions are in the list and it worked before the upgrade. Also going to certain websites will display a 'webpage is not available' error quickly before refreshing and finally going to the site.
#1

10 Replies Related Threads

    Chuck
    New Member
    • Total Posts : 5
    • Scores: 0
    • Reward points: 0
    • Joined: 2015/03/07 06:09:03
    • Status: offline
    Re: 5.6.0 breaks deep packet inspection 2017/09/23 06:36:39 (permalink)
    0
    i have same issue. on 5.6.2 it sometimes works but very slow. did you ever find an answer?
    #2
    gsarica
    Bronze Member
    • Total Posts : 60
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/07/28 13:23:52
    • Status: offline
    Re: 5.6.0 breaks deep packet inspection 2017/09/25 05:34:58 (permalink)
    0
    Sort of. I had to go through each app that wasn't working and find lists of exceptions to add on their websites. Never got an answer as to why they all worked in 5.4 without the added exceptions but not in 5.6.
    #3
    hmtay_FTNT
    Platinum Member
    • Total Posts : 228
    • Scores: 45
    • Reward points: 0
    • Joined: 2017/02/22 11:02:10
    • Status: offline
    Re: 5.6.0 breaks deep packet inspection 2017/09/25 07:17:18 (permalink)
    0
    Hello gsarica,
     
    Can you check what is the name of the CA Certificate that was imported onto your environment? If you have been upgrading your Fortigate from the older OS versions, there's some chance you are using the "Fortinet_CA_SSLProxy" Certificate - it's kept in newer FortiOS upgrades for compatibility purposes. 

    In FortiOS 5.6, the default profiles for certificate-inspection and deep-inspection uses the "Fortinet_CA_SSL" certificates. If you have been using the default profile while the Certificate you imported previously was "Fortinet_CA_SSLProxy", that would explain why deep-inspection is not working correctly and applications not working.
     
    Homing
    #4
    gsarica
    Bronze Member
    • Total Posts : 60
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/07/28 13:23:52
    • Status: offline
    Re: 5.6.0 breaks deep packet inspection 2017/09/25 07:25:09 (permalink)
    0
    Thanks, the issue didn't have to do with the certificate being used. For example, the goto products like gotomeeting and gotoassist and such all worked fine in 5.4.2 with deep inspection enabled with only a minimum of exceptions, I think we had *.gotomeeting.com and only a couple others. Upgraded to 5.6 stopped them all from working. I had to add almost 40 exceptions found here:
     
    http://support.citrixonline.com/en_us/meeting/all_files/G2M060010
     
    Once I added all of them the apps worked again. Why they worked before the upgrade is beyond me.
    #5
    khalilysf
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/01/22 02:18:06
    • Status: offline
    Re: 5.6.0 breaks deep packet inspection 2019/01/22 02:19:20 (permalink)
    0
    i have the same issue did you find any answer on the problem?
    #6
    st3fan
    New Member
    • Total Posts : 5
    • Scores: 0
    • Reward points: 0
    • Joined: 2017/01/20 06:29:04
    • Status: offline
    Re: 5.6.0 breaks deep packet inspection 2019/07/23 03:28:58 (permalink)
    0
    Hi everyone
     
    We also have this issue in our environment. Ever since we upgraded to FortiOS 5.6.x, we often experience that a website does not load at first but then it loads without a problem after a refresh. There are no certificate warnings - that is not the problem. We have experienced this on all builds of the 5.6.x branch so far. We have never had this problem on FortiOS 5.4.
     
    I opened a ticket with Fortinet Support a while ago but they were not able to assist as I simply could not provide the log files they requested. It is very challenging to capture this event as it cannot be reproduced, at least not in our environment. It seems to happen intermittently.
     
    Just wondering if anyone here ever found a solution? Has anyone experienced this issue on FortiOS 6.0.x?
     
    Thanks,
    Stefan
    #7
    rliessi
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/08/12 12:11:19
    • Status: offline
    Re: 5.6.0 breaks deep packet inspection 2019/08/12 12:26:46 (permalink)
    0
    @st3fan, did you find a solution? I have the same problem, sometimes we need to refresh to load the website.
     
    Thanks,
    #8
    st3fan
    New Member
    • Total Posts : 5
    • Scores: 0
    • Reward points: 0
    • Joined: 2017/01/20 06:29:04
    • Status: offline
    Re: 5.6.0 breaks deep packet inspection 2019/08/13 00:54:17 (permalink)
    0
    Hi rliessi
     
    No, unfortunately we have not found a solution yet.
     
    Regards
    Stefan
    #9
    rliessi
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/08/12 12:11:19
    • Status: offline
    Re: 5.6.0 breaks deep packet inspection 2019/08/13 03:05:54 (permalink)
    0
    Ok..   Thanks.
    #10
    KevinJP
    New Member
    • Total Posts : 13
    • Scores: 5
    • Reward points: 0
    • Joined: 2016/06/06 08:36:16
    • Status: offline
    Re: 5.6.0 breaks deep packet inspection 2019/08/15 15:25:50 (permalink)
    0
    We are having an issue where previously logged applications signatures like "Microsoft.Portal", "OneDrive", "Facebook" etc are no longer being logged after upgrading from 5.4.9 to 5.6.10.  These signatures are now being reported/logged as "unknown" applications.  Does not seem to be an issue on 5.6.8 or 5.6.9 however.  We want to stay on 5.6.10 to mitigate multiple CVEs bug the application logging is concerning.
     
    Anyone else notices this on 5.6.10?
    #11
    Jump to:
    © 2019 APG vNext Commercial Version 5.5