Skip to main content
Mohamed_Salah95
Mohamed_Salah95
New Member
February 17, 2026
Question

Admin Console - 3CX CERT probe failed

  • February 17, 2026
  • 1 reply
  • 391 views
Hello all ,

 

I’m a bit confused about the certificate-probe-failed error and would like to better understand why it happens and how to identify its root cause.

We experienced denied traffic on the FortiGate firewall to smart.3CX.be:5001 due to a certificate probe failed error, with the following message:

"SSL connection is blocked due to unable to retrieve server’s certificate.”

(certificate-probe-failed)

 

As the default behavior for CERT probe failed is block so the traffic is blocked.

It's strange for me as the issue occurred yesterday, where the traffic was consistently blocked by the firewall. However, today the traffic started passing successfully, and the service is working as expected without any changes made on the firewall side. does anyone have any idea about that ?

note : I use default Certificate inspection profile with flow mode .

1 reply

nevan
Staff
nevan
Staff
February 19, 2026

Dear Mohamed,

Please find the article that describes the error with solution below here:
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-fix-SSL-connection-is-blocked-due-to/ta-p/362052

Regards.

// Kindness is the Key //
    Mohamed_Salah95
    Mohamed_Salah95Author
    New Member
    February 19, 2026

    Hello Nevan

    Thank you for your help. I’ve reviewed the solutions mentioned in this topic, and I believe that implementing either of the two options may raise security concerns, as they would allow sessions even when the certificate probe fails.

    For this reason, I’m focusing on identifying the root cause of the certificate probe failure, so we can prevent this issue from occurring again in the future without negatively impacting the security posture.

     

    BR

     

    nevan
    Staff
    nevan
    Staff
    February 19, 2026

    Dear Mohamed,

    When SSL inspection (certificate or deep inspection) is enabled, the FortiGate checks the server’s certificate before an HTTPS connection is made.

    If there are problems like network errors, failed handshakes, misrouted traffic, or untrusted/invalid certificates, the check can fail. When this happens, the FortiGate records a certificate probe failure in the logs.

    Simply, unable to retrieve server's certificate for inspection cause probe failure.

    Regards.

    // Kindness is the Key //
    Terms & ConditionsAccessibility statement