NewFreedom
New Member
January 4, 2025
Question

NordVPN on Fortigate 120G 7.4.5 and 7.4.6 (Mature)


Hi folks,

I've found that SSL Certificate Inspection in the configuration below, applied to my LAN -> WAN policy, is substituting the NordVPN certificate with my Fortigate certificate. NordVPN is detecting the change and terminating the connection. If I disable certificate inspection, NordVPN connects without issue. When SSL Certificate Inspection is selected, it is not possible to add exceptions. I tried choosing Full SSL Inspection instead and added the exceptions for the NordVPN addresses below, but that yielded the same result. I upgraded from 7.4.5 to 7.4.6 and still have the same issue.

Any ideas? Thanks in advance!

NordVPN addresses excepted:
*.nordvpn.com
*.nordcdn.com
*.rsc.cdn77.org
*.nordlayer.com
*.nordlinks.com
*.nordapi.com

Here is the NordVPN error:

Screenshot 2025-01-03 170224.png

Here is the default SSL Certificate Inspection policy I have applied:

Screenshot 2025-01-03 170011.png

Here is the "exception" policy I tried:

Screenshot 2025-01-03 170736.png

2 replies

dingjerry_FTNT
Staff
January 4, 2025

Hi @NewFreedom,

This is weird. As the name implies, Certificate Inspection will inspect the CN in the certificate or the SNI in the Client Hello, which is not encrypted, so the FGT will not be the MITM to decrypt and encrypt the traffic.

dingjerry_FTNT
Staff
January 4, 2025

You have the Thumbprint info in the first screenshot. Could you please enter into your FGT to check the Fingerprint info for the "Fortinet_CA_SSL" certificate to compare whether they are the same one?
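
The fingerprint comparison requested in the last reply, as an added example that is not part of the thread and is not Fortinet or NordVPN code: it normalizes a thumbprint pasted from a client dialog and checks it against a certificate exported as PEM. Choosing the digest by length (SHA-1 for 40 hex digits, SHA-256 for 64) is an assumption, and the sample bytes are a constructed placeholder, not a real certificate.

```python
import hashlib
import re
import ssl

# Hex-digit count of the pasted value -> digest it most likely is (assumption).
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)


def normalize_thumbprint(text: str) -> str:
    """Drop separators, whitespace and invisible copy/paste characters."""
    cleaned = "".join(ch for ch in text if ch.isalnum()).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError("thumbprint contains non-hex characters")
    return cleaned


def cert_fingerprint(pem_text: str, algo: str) -> str:
    """Hash the DER encoding of the first certificate found in pem_text."""
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    der = ssl.PEM_cert_to_DER_cert(match.group(0))
    return hashlib.new(algo, der).hexdigest()


def same_certificate(pem_text: str, observed_thumbprint: str) -> bool:
    """True if the thumbprint the client showed belongs to this certificate."""
    want = normalize_thumbprint(observed_thumbprint)
    algo = ALGO_BY_HEX_LEN.get(len(want))
    if algo is None:
        raise ValueError(f"unexpected thumbprint length: {len(want)} hex digits")
    return cert_fingerprint(pem_text, algo) == want


# Constructed stand-in bytes, NOT a real certificate: the fingerprint is only a
# hash of the DER bytes, so any byte string exercises the comparison.
SAMPLE_DER = b"constructed placeholder for the exported Fortinet_CA_SSL DER"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

if __name__ == "__main__":
    sha1 = hashlib.sha1(SAMPLE_DER).hexdigest()
    pasted = "\u200e" + " ".join(sha1[i:i + 2] for i in range(0, 40, 2))
    print(same_certificate(SAMPLE_PEM, pasted))     # same cert, spaced form
    print(same_certificate(SAMPLE_PEM, "00" * 20))  # a different certificate
```

A match means the certificate the client rejected was issued by the firewall's own CA; a mismatch means something else on the path presented it.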