Hot!AnyDesk SSL error when Deep Packet enabled

Author
kulas
New Member
  • Total Posts : 19
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/09/28 19:28:08
  • Status: offline
2018/06/29 03:19:37 (permalink)
0

AnyDesk SSL error when Deep Packet enabled

Hi Experts,
 
Please help me regarding this. I have applied deep packet inspection in the firewall policy but AnyDesk application shows SSL error. When I try to change the inspection mode to SSL Certificate, the AnyDesk shows no error. I also created custom deep packet inspection profile and add AnyDesk FQDN on the exemption list but no luck. I have to use deep packet inspection to block facebook comments, likes, and file uploads.
 
I am also searching regarding troubleshooting of deep packet inspection and I found this thread https://forum.fortinet.com/tm.aspx?m=148759
After running this command "diagnose ips debug enable ssl", the dubug output shows

[189/0]create_run_mode: SSL CA name: Fortinet_CA_SSL, untrust CA name: Fortinet_CA_Untrusted, VDOM: 0, enable: 1, mode: 2,
verifyca: 1, invalid_cert_action: 2, untrust_ca_action: 4, whitelist: 0
[189/0]confirm_ssl: confirm SSL.
[8076/0]create_run_mode: SSL CA name: Fortinet_CA_SSL, untrust CA name: Fortinet_CA_Untrusted, VDOM: 0, enable: 1, mode: 2,
verifyca: 1, invalid_cert_action: 2, untrust_ca_action: 4, whitelist: 0
[8076/0]confirm_ssl: confirm SSL.
[192/0]create_run_mode: SSL CA name: Fortinet_CA_SSL, untrust CA name: Fortinet_CA_Untrusted, VDOM: 0, enable: 1, mode: 2,
verifyca: 1, invalid_cert_action: 2, untrust_ca_action: 4, whitelist: 0
[192/0]confirm_ssl: confirm SSL.
[8076/0]create_run_mode: SSL CA name: Fortinet_CA_SSL, untrust CA name: Fortinet_CA_Untrusted, VDOM: 0, enable: 1, mode: 2,
verifyca: 1, invalid_cert_action: 2, untrust_ca_action: 4, whitelist: 0
 
What does those output means? Thank you.
 
Regards,
Kulas
#1

3 Replies Related Threads

    jpcastilloux
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/05/23 07:25:03
    • Status: offline
    Re: AnyDesk SSL error when Deep Packet enabled 2018/08/28 15:32:31 (permalink)
    0
    I have exactly the same problem.
    I cant even create a Deep Inspection exception for *.anydesk.com
    The Internet service available in the list is only for the website
     
    If I remove the deep inspection on my computer, the software is working.
    But as soon that I enable it, I got a ssl_14090086 error in the bottom of the software.
     
    I think there is a problem with the deep inspection and the relay servers they are using. Might be a man in the middle detected in their platform so the TCP session is resetted. That would be logical with this kind of software where's  critical vulnerability as been detected.
     
    I've found a thread that is talking about a certificate that can be installed on the Fortigate to make it works but the user havent posted his solution ( thanks bruh !!! ). I tried to install the CA and Root-CA certificates of the *.anydesk.com certificate but it didnt worked at all, even if I can see the certificates in the trusted CA certificate white list for the Deep Inspection.
    https://community.spiceworks.com/topic/1263442-how-to-open-fortiguard-for-use-with-remote-control-app-anydesk-ssl-error
     
    So if anybody got an idea how to resolve this problem or how to create an exception for the anydesk relay servers, that would be nice
     
    Thanks in advance !
    #2
    soomelol
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/11/13 15:17:04
    • Status: offline
    Re: AnyDesk SSL error when Deep Packet enabled 2018/11/13 15:21:14 (permalink)
    0
    I resolve this problem, FortiOS v5.6.3 build1547 (GA), i create a IPv4 Policity, Incoming Interface: lan, Outgoing Interface: sd-wan, source: lan, destination: "Anydesk-Web", Action ACCEPT, nat activated, in security profiles its desactivated Antivirus, Web Filter, DNS filter, Application Control and SSL Inspection.
     
     
     
     
    #3
    kostas22
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/12/20 03:03:28
    • Status: offline
    Re: AnyDesk SSL error when Deep Packet enabled 2019/02/13 02:12:57 (permalink)
    0
    soomelol
    I resolve this problem, FortiOS v5.6.3 build1547 (GA), i create a IPv4 Policity, Incoming Interface: lan, Outgoing Interface: sd-wan, source: lan, destination: "Anydesk-Web", Action ACCEPT, nat activated, in security profiles its desactivated Antivirus, Web Filter, DNS filter, Application Control and SSL Inspection.
     
     
     
     


    It doesn't work for me! Fortigate 60E(Firmwarev6.0.4 build0231 (GA))
    #4
    Jump to:
    © 2019 APG vNext Commercial Version 5.5