[FG100e - 6.4.4] SSL/SSH Inspection issue Youtube, Vimeo

Author
itc
2021/03/02 13:13:10 (permalink)

Hi
When I try to access YouTube or Vimeo, I get:
==============
NET::ERR_CERT_COMMON_NAME_INVALID

Subject: *.fortinet.com
Issuer: ESET SSL Filter CA
Expires on: 31 mar 2021
Current date: 2 mar 2021
================

trusted root certificate authorities: installed
 

FGT Firmware: 6.4.4

It doesn't matter if I choose: SSL Certificate or Full SSL Inspection.

I have downloaded the .crt from the FortiGate and installed it on the PC - this didn't help.

After almost 4 days - I gave up...

#1


    Yurisk
    Re: [FG100e - 6.4.4]SSL/SSH Inspection issue Youtube, Vimeo 2021/03/03 03:08:05 (permalink)
    I'd suggest:
    1. Enable port 443 inspection in Protocol Mapping
    2. Server certificate SNI check - Enable
    3. Blocked certificates: Block
    4. Log SSL anomalies: On (for debug)
     
    Also, are you trying to Allow or Block Youtube in Web Filtering? If you try to block Youtube in Rules, this can be seen as you being redirected to the Fortinet Block page.
     
    In addition, the certificate error seems to come not from the operating system, but from ESET antivirus. Have you investigated this, e.g. https://support.eset.com/en/kb3126-disable-ssl-filtering-in-eset-windows-products ?
     
    post edited by Yurisk - 2021/03/03 03:09:44
    #2
    itc
    Re: [FG100e - 6.4.4]SSL/SSH Inspection issue Youtube, Vimeo 2021/03/04 00:58:14 (permalink)
    No change. In ESET I've disabled SSL check:
    Only change:
    ============
    NET::ERR_CERT_COMMON_NAME_INVALID
    Subject: *.fortinet.com
    Issuer: FG100FTK20028697
    Expires on: 31 mar 2021
    Current date: 4 mar 2021
    =========
     
    Streaming and media added to exception, web filter allow all....
     
    The serial number of the site is different than the one used on the FortiGate... WHY?! This wrong serial number is not visible on my Windows machine!
     
     
    #3
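
The error quoted in both posts, NET::ERR_CERT_COMMON_NAME_INVALID, is a hostname mismatch, which a browser checks separately from whether the issuing CA is trusted. The Python sketch below is an added example, not part of any post in this thread; it runs both checks over the two certificates quoted above. The hostnames and the contents of the trust store are constructed, and trust is simplified to a lookup of the issuer name.

```python
# Added example: separates "wrong name" from "untrusted issuer" for the two
# certificates quoted in this thread. Hostnames and trust sets are constructed.

def name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' is accepted only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard covers exactly one label
    if p_labels[0] == "*":
        # Require at least two fixed labels after the wildcard.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def diagnose(hostname: str, cert: dict, trusted_issuers: set) -> list:
    """Return the independent validation failures for one presented certificate."""
    findings = []
    # Simplification: fall back to the Subject when no SAN list is given,
    # because the thread shows only the Subject field.
    names = cert.get("san") or [cert["subject_cn"]]
    if not any(name_matches(n, hostname) for n in names):
        findings.append("NAME_MISMATCH")
    # Simplification: real trust evaluation builds and verifies a chain.
    if cert["issuer_cn"] not in trusted_issuers:
        findings.append("UNTRUSTED_ISSUER")
    return findings


# Subject and Issuer values as quoted in posts #1 and #3.
ESET_CERT = {"subject_cn": "*.fortinet.com", "issuer_cn": "ESET SSL Filter CA"}
FGT_CERT = {"subject_cn": "*.fortinet.com", "issuer_cn": "FG100FTK20028697"}

if __name__ == "__main__":
    host = "www.youtube.com"  # constructed hostname for the site being opened
    for label, cert, trusted in [
        ("post #1", ESET_CERT, {"ESET SSL Filter CA"}),
        ("post #3, issuer not installed", FGT_CERT, set()),
        ("post #3, issuer installed", FGT_CERT, {"FG100FTK20028697"}),
    ]:
        print(label, diagnose(host, cert, trusted))
```

In every case the name mismatch remains after the issuer is trusted, because a certificate for `*.fortinet.com` cannot match a YouTube or Vimeo hostname.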