Troubleshooting Tip: GoogleArtifacts blocked in deep inspection

If GoogleArtifacts is getting blocked in deep inspection, exempt the following URLs in the Web Filter profile:

• *.googleapis.*.
• *googleartifacts*.
• *docker*.
• *cloudfront*.

Note: Custom URLs may need to be exempted based on user needs. 

Additionally, make sure cert-probe is set to allow:

config firewall ssl-ssh-profile

    edit <certificate profile name>

        config <protocol name>

            set cert-probe-failure [allow | block] <----- Default action is block.

        end

    next

end

Notes:

• If it still did not work, move the policy to Flow mode and verify the Destinations links to exempt them in Proxy mode.
  For Deep Inspection, make sure the user's browser has a cert installed for the SSL handshake. Refer to the document Importing the certificate into web browsers.
• Windows Group Policy Editor can be used to push the certificate to users' browsers in the appropriate environment, such as the Windows Group Policy Management Console. In this instance, importing the certificate into users' browsers is not necessary.

'Reputable websites' is a white-list database that is updated and synchronized through FortiGuard. This can be enabled in the SSL profile.

Related articles:

• Troubleshooting Tip: Google Meet is being blocked when using SSL Deep inspection
• Technical Tip: Information on 'Reputable web sites' for SSL inspection