Hot!SSL inspection cause IE to give TLS errors

Author
BBoozer
New Member
  • Total Posts : 7
  • Scores: 0
  • Reward points: 0
  • Joined: 2013/09/10 10:30:07
  • Status: offline
2017/11/28 15:16:42 (permalink)
0

SSL inspection cause IE to give TLS errors

Our locations are locked down by their FortiGates fairly rigidly (FortiOS 5.0.14). We have one site that has recently been being blocked that is regularly used (www.concursolutions.com). This has always been part of our web filter whitelist. We are finding that It can only be gotten through the firewall when SSL inspection is disabled. I have tried adding policies before the primary internet traffic policy point to the site as well as its CRL location, and it DNS records IP address for both default and www (point to Microsoft). None of this works. TLS is already all checked by default at all locations in IE (no other browser can be installed, nor do they have permission to do so). Since it is below 5.2, there is no way to add SSL inspection exemptions. Any thoughts on how to achieve this would be greatly appreciated. 
#1

5 Replies Related Threads

    emnoc
    Expert Member
    • Total Posts : 4404
    • Scores: 249
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: SSL inspection cause IE to give TLS errors 2017/11/28 18:23:16 (permalink)
    0
    Did you  run  diag debug flow? Why are you  on 5.0.14?  Can you get into 5.2.12?

    PCNSE6,PCNSE7, ACE, CCNP,FCNSP,FCESP,Linux+,CEH,ECSA,SCSA,SCNA,CISCA email/web
    #2
    BBoozer
    New Member
    • Total Posts : 7
    • Scores: 0
    • Reward points: 0
    • Joined: 2013/09/10 10:30:07
    • Status: offline
    Re: SSL inspection cause IE to give TLS errors 2017/11/28 18:31:00 (permalink)
    0
    No, I did not, and upgrading 350 firewalls for a web page is out of the question. What could be garnered by this?
    #3
    emnoc
    Expert Member
    • Total Posts : 4404
    • Scores: 249
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: SSL inspection cause IE to give TLS errors 2017/11/28 19:10:40 (permalink)
    0
     

    No, I did not, and upgrading 350 firewalls for a web page is out of the question. What could be garnered by this?

     
     
    Staying current  within FortiOS,  for one.
    Using a  version that more new and current,  for two.
    Using a version of firmware that still under development,  for three.
    Using a version of firmware that has made numerous fixes & in regards to ssl-inspection,   for four.
    I'm sure v5.0.x train is  End or life and|or develpoment, for  my fifth and last reason
     
    Do I need to list more reasons? Since it this one, I would start with a  diag debug flow and see what the output shows
     
     

    PCNSE6,PCNSE7, ACE, CCNP,FCNSP,FCESP,Linux+,CEH,ECSA,SCSA,SCNA,CISCA email/web
    #4
    BBoozer
    New Member
    • Total Posts : 7
    • Scores: 0
    • Reward points: 0
    • Joined: 2013/09/10 10:30:07
    • Status: offline
    Re: SSL inspection cause IE to give TLS errors 2017/11/28 19:17:53 (permalink)
    0
    I was referring to running the command. As stated, upgrading at this juncture is a moot point.
    #5
    emnoc
    Expert Member
    • Total Posts : 4404
    • Scores: 249
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: SSL inspection cause IE to give TLS errors 2017/11/28 19:23:42 (permalink)
    0
    The cli diag debug flow will show possible issues that you can't see from just  a enduser error. Since v5.0.14 is old , I would look at and analyze any diag debug flow output
     

    PCNSE6,PCNSE7, ACE, CCNP,FCNSP,FCESP,Linux+,CEH,ECSA,SCSA,SCNA,CISCA email/web
    #6
    Jump to:
    © 2017 APG vNext Commercial Version 5.5