Hot!Google Earth not working with Fortigate

Author
user
New Member
  • Total Posts : 10
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/02/19 10:03:36
  • Status: offline
2020/02/19 10:33:38 (permalink)
0

Google Earth not working with Fortigate

When launch Google Earth, get message that:
Security certificate for play.google.com is not trusted!
With three options:
  1. Proceed Anyway (Unsafe)
  2. Show Details
  3. Reject Connection.
Company IT mentioned to click 1 but it says it is unsafe. Why is fortigate making Google Earth unsafe? Does this mean Fortigate people are break into my Google Earth and that is why it is unsafe? OR is Fortigate install spyware and Telemery like Windows in this security certificate?
#1

8 Replies Related Threads

    Dave Hall
    Expert Member
    • Total Posts : 1636
    • Scores: 174
    • Reward points: 0
    • Joined: 2012/05/11 07:55:58
    • Location: Canada
    • Status: offline
    Re: Google Earth not working with Fortigate 2020/02/19 10:59:25 (permalink)
    0
    Most sites that run or hosted via Google (including play.google.com) uses Google's wildcard security certificate.  If the fgt is using full SSL (e.g. deep packet) inspection, you will get a security certificate warning because the fgt plays a man-in-the-middle by substituting it's own security certificate in place of the sites own security certification in order to peek at the encrypted traffic.  This is pure speculation on my part - you need to take a look at the warning message to see what the error is - it should include what the name is on the security certificate itself.   
     
    The pic below show what the real cert should look like.
     
     
     

    Attached Image(s)


    NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
    #2
    user
    New Member
    • Total Posts : 10
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/02/19 10:03:36
    • Status: offline
    Re: Google Earth not working with Fortigate 2020/02/20 06:46:41 (permalink)
    0
    If view the details, it shows this (cannnot get screenshot to load here) Type only a few lines only:
     
    Certificate error(s":
    The root certificate  of the certificate is self signed and untrusted.
    Serial Number: 60:15:1a:b3c5ef:1e:18
    support@fortigate.com
    #3
    user
    New Member
    • Total Posts : 10
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/02/19 10:03:36
    • Status: offline
    Re: Google Earth not working with Fortigate 2020/02/21 07:14:08 (permalink)
    0
    Here I finally got screenshot to work on Vbox. It makes PNG and your site does not allow PNG. Had to uploaded to another site to get it to work.

    #4
    emnoc
    Expert Member
    • Total Posts : 5537
    • Scores: 353
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: online
    Re: Google Earth not working with Fortigate 2020/02/21 08:16:44 (permalink)
    0
    Your doing SSL inspection you need to fix your clients by insert and trusting the Cert forger who's the Foprtigate. Nothing is wrong with google earth, fwiw
     
    Ken Felix
     

    PCNSE 
    NSE 
    StrongSwan  
    #5
    Dave Hall
    Expert Member
    • Total Posts : 1636
    • Scores: 174
    • Reward points: 0
    • Joined: 2012/05/11 07:55:58
    • Location: Canada
    • Status: offline
    Re: Google Earth not working with Fortigate 2020/02/21 08:20:53 (permalink)
    0
    Hi user.
     
    Your screenshot and your last post shows the Fortigate on your company network appears to be configured for full SSL inspection, and as such requires (ideally) a proper security certificate be installed on your computer's web browser.  There are other workaround or remedies for this, of course you can choose to accept the one presented to you (assume it is the fortigate security certificate) but you should follow whatever advise given to you by your network or IT admin. 
     
    f you are not in charge or manage your company's fortigate firewall, I suggest you speak to the person who is in charge and let them know you can't download Google Earth because of the company's fortigate firewall settings.  

    NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
    #6
    user
    New Member
    • Total Posts : 10
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/02/19 10:03:36
    • Status: offline
    Re: Google Earth not working with Fortigate 2020/02/21 10:19:21 (permalink)
    0
    Person said to ignore it and click Proceed Anyway (Unsafe). This is why I am looking for a solution for it since they are no concern about. It says that it is unsafe which makes me worried.  How to I bypass and get the certificated installed correctly so that it is save rather than unsafe.
    #7
    Dave Hall
    Expert Member
    • Total Posts : 1636
    • Scores: 174
    • Reward points: 0
    • Joined: 2012/05/11 07:55:58
    • Location: Canada
    • Status: offline
    Re: Google Earth not working with Fortigate 2020/02/21 14:28:10 (permalink)
    0
     
    Follow your network admin's lead - do keep in mind that if you choose to proceed there should be an option to add the site's security certificate to your browser - this should be the Fortinet security certificate...but do consult your network admin on this.
     
    I have already provided a link above to understand what is happening and included in that link are "workarounds", including detailed sections:
     
    - Preventing certificate warnings (CA-signed certificate)
    - Preventing certificate warnings (default certificate)
    - Preventing certificate warnings (self-signed)
    - Why you should use SSL inspection

    The likely best option in your case is to simply ask your network admin to provide and/or install the Foritgate security certificate in your web browser.

    NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
    #8
    user
    New Member
    • Total Posts : 10
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/02/19 10:03:36
    • Status: offline
    Re: Google Earth not working with Fortigate 2020/02/26 08:06:37 (permalink)
    0
    After clicking Proceed Anyway (Unsafe), there is no option to add the site's certificated. Admin says that everything is fine and use the unsafe option only. 
    Is there any other way to make it safe if admin does not want to import the certificated or does it need a bypass method?
    #9
    Jump to:
    © 2020 APG vNext Commercial Version 5.5