dlarson
Visitor III
April 22, 2024
Question

FortiGate SSL Inspection suddenly breaking applications.

  • April 22, 2024
  • 7 replies
  • 14936 views

Hello!

Starting today, we're seeing multiple issues with the SSL DPI breaking quite a few applications in the org, that were working fine as of last week.

I'm having trouble locating any logs or details as to what or why this is occurring.

Some examples are:

  • Printix Printing fails entirely
  • Slack - Pasting images fails
  • Zoom - Fails to connect to meetings

And other applications, such as browser add ons and such.

Disabling SSL DPI fixes the issue immediately.

Logs are empty.

Cert is still valid.

Disabling security controls individually does nothing.

Does anyone have any thoughts, or some additional troubleshooting methods I can take?

7 replies

AndreLo
Visitor III
April 22, 2024

We have the same problem here!!! 100F 7.0.14, today updated to 7.0.15 - problem persists!

We had to change the inspection mode to flow-based and work only with certificate inspection!

dlarson (Author)
Visitor III
April 22, 2024

I by default have inspection mode set to Flow based. It seemed to logically be the better choice when reading documentation. We too are on cert inspection only at this point till the issue is resolved.

Shashwati
Staff
April 22, 2024

Are you using proxy-based mode on the firewall policy? Please check that the FortiGuard server is reachable from the firewall properly.

dlarson (Author)
Visitor III
April 22, 2024

Flow-based mode.

FortiGuard is reachable, and filtering services availability is up before & after test connection.

AEK
SuperUser
April 22, 2024

Hi

What is the result if you enable DPI and allow all applications?

AEK
dlarson (Author)
Visitor III
April 22, 2024

Any form of DPI enabled breaks things. For example, DPI & AV (with the applications feature turned off).

AndreLo
Visitor III
April 23, 2024

Hi,

We also have this problem with some users who use the explicit proxy. Naturally, this cannot be switched to flow mode. Disabling certificate inspection alone does not help. Disabling all NGFW features (antivirus, WAF etc.) does not help either! So - no workaround for these users! FW: 100F with 7.0.15, Location Germany

hbac
Staff
April 23, 2024

Hi @dlarson,

Have you checked SSL Security Event logs?

Regards,

dlarson (Author)
Visitor III
April 23, 2024

Yeah, no luck there. No indication of any issues.

dlarson (Author)
Visitor III
April 24, 2024

UPDATE: Working with FortiGate support, we swapped from Flow to Proxy, which seemed to fix the issue, but it was intermittent today, where it was very consistent before. Still couldn't explain why this suddenly started occurring, but my best guess is that it's from a change I made recently due to a DDoS attack that caused our traffic to route through a third-party mitigation service. I had to adjust the MTU to 1476 to alleviate some issues, and my best guess is this somehow had/has issues with Flow-based mode.

I have since reverted back to the default MTU & re-enabled Flow to see if the issue is resolved.

 

Per tech response: "- I informed you that when using deep inspection, proxy-based should be selected for the firewall policy."

dlarson (Author)
Visitor III
May 3, 2024

UPDATE #2: Swapped back to Proxy mode. Flow kept giving additional network connection issues.

AnthonyH
Staff
May 3, 2024

Hello dlarson,

The issue you are facing closely resembles the TLS 1.3 hybridized Kyber support. Currently the workaround is to swap the policy's inspection mode from flow-based to proxy-based.

Here are some other posts discussing the issue:
https://community.fortinet.com/t5/Support-Forum/Application-Control-and-Web-filter-is-not-blocking-websites-on/m-p/312706/highlight/true
https://community.fortinet.com/t5/Support-Forum/SSL-Deep-Inspection-Google-Chrome/td-p/286352
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Web-filter-is-not-blocking-websites-on-Google/ta-p/297956
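
Added diagnostic example, not from this thread or from Fortinet: a small Python parser for a TLS 1.3 ClientHello that flags the X25519Kyber768Draft00 hybrid key share and estimates how many TCP segments the hello occupies, which is what a flow-based inspector has to reassemble. Assumptions: the 0x6399 code point is the "hybridized Kyber" group AnthonyH refers to, a ClientHello that no longer fits one segment is what trips flow-based inspection (the MTU change above points the same way), and the ClientHello bytes are constructed, with a padding extension standing in for the other extensions a real browser sends.

```python
import struct

# 0x6399 = X25519Kyber768Draft00 as shipped by Chrome (assumption: the "hybridized Kyber" group meant here).
HYBRID_PQ_GROUPS = {0x6399: "X25519Kyber768Draft00"}
NAMED_GROUPS = {0x001D: "x25519", 0x0017: "secp256r1", **HYBRID_PQ_GROUPS}

def _vec(data: bytes, width: int) -> bytes:
    """TLS length-prefixed vector with a 1-, 2- or 3-byte length field."""
    return len(data).to_bytes(width, "big") + data

def build_client_hello(groups, key_shares, pad: int = 0) -> bytes:
    """Constructed TLS 1.3 ClientHello record: supported_groups (10), key_share (51), padding (21)."""
    sg = b"".join(struct.pack("!H", g) for g in groups)
    ks = b"".join(struct.pack("!H", g) + _vec(share, 2) for g, share in key_shares)
    exts = (struct.pack("!H", 10) + _vec(_vec(sg, 2), 2)
            + struct.pack("!H", 51) + _vec(_vec(ks, 2), 2)
            + (struct.pack("!H", 21) + _vec(bytes(pad), 2) if pad else b""))
    body = (b"\x03\x03" + bytes(32) + _vec(b"", 1)                      # version, random, session id
            + _vec(b"\x13\x01", 2) + _vec(b"\x00", 1) + _vec(exts, 2))  # one suite, null compression
    return b"\x16\x03\x01" + _vec(b"\x01" + _vec(body, 3), 2)           # record + handshake headers

def parse_client_hello(rec: bytes, mss: int = 1460) -> dict:
    """Walk a ClientHello record; report groups, key_share sizes and TCP segments needed."""
    p = 5 + 4 + 2 + 32                                   # record hdr, handshake hdr, version, random
    p += 1 + rec[p]                                      # session id
    p += 2 + struct.unpack("!H", rec[p:p + 2])[0]        # cipher suites
    p += 1 + rec[p]                                      # compression methods
    ext_end = p + 2 + struct.unpack("!H", rec[p:p + 2])[0]
    p, groups, shares = p + 2, [], {}
    while p < ext_end:
        etype, elen = struct.unpack("!HH", rec[p:p + 4])
        body, p = rec[p + 4:p + 4 + elen], p + 4 + elen
        if etype == 10:                                  # supported_groups
            n = struct.unpack("!H", body[:2])[0]
            groups = [NAMED_GROUPS.get(g, hex(g)) for g in struct.unpack(f"!{n // 2}H", body[2:2 + n])]
        elif etype == 51:                                # key_share: (group, len, key_exchange)*
            q = 2
            while q < len(body):
                g, n = struct.unpack("!HH", body[q:q + 4])
                shares[NAMED_GROUPS.get(g, hex(g))] = n
                q += 4 + n
    return {"record_len": len(rec), "groups": groups, "key_shares": shares,
            "hybrid_pq": any(name in shares for name in HYBRID_PQ_GROUPS.values()),
            "tcp_segments": -(-len(rec) // mss)}         # ceil division; >1 means reassembly needed

if __name__ == "__main__":
    # Constructed shares: Kyber768 public key (1184 bytes) + X25519 (32 bytes) = 1216-byte hybrid share.
    classic = build_client_hello([0x001D, 0x0017], [(0x001D, bytes(32))])
    hybrid = build_client_hello([0x6399, 0x001D], [(0x6399, bytes(1216)), (0x001D, bytes(32))], pad=400)
    print(parse_client_hello(classic), parse_client_hello(hybrid), sep="\n")
```

Pass the MSS that matches your path (for the 1476 MTU mentioned above that is 1436) to see how close a given hello sits to the segment boundary.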

dlarson (Author)
Visitor III
May 7, 2024

Thanks for this! We've had some other network issues internally so I'm glad to know it's not a misconfiguration.