SSL (one time) error using Webfilter and Certificate Inspection

Author
AixTeam
2021/03/04 07:58:41 (permalink) 6.2

Hello,
 
We are using a FortiGate 200E here, and this problem began after our last upgrade, when we went from version 6.0.11 to 6.2.7.
 
As soon as we try to enable Web filtering, the first connection to a website throws an error in the web browser, complaining about the FortiGate issuing the certificate. But if we hit reload on the page, the connection works perfectly. Access to the site is then possible for some hours, and, after a while, the same error occurs -> 1 time Forti CA issuer, hit reload, and it works fine...
 
All websites are subject to this error: google, any media, even fortinet.com and this forum.

I've been trying quite a few things to see what would cause the problem:

- With the SSL inspection "default" or a "custom" certificate-inspection, the result is the same.

- Without Webfilter, no error when accessing a new web site.
 
- Without Webfilter, I can add any default security profile, no error. 
 
The FortiGate mode is "profile-based", no central SNAT, no VDOM.
 
 
 
 
#1
AixTeam
Re: SSL (one time) error using Webfilter and Certificate Inspection 2021/03/04 08:57:23 (permalink)
Continued searching while the post was on hold, and it seems that the problem only occurs when the policy mode is "Flow Based", and doesn't happen when the policy is "proxy based". 
 
Still have to check what it implies, but we may change our policy default inspection mode.
#2