wcbenyip
New Member
November 25, 2009
Question

Some https website can't be accessed...

Hi, since yesterday afternoon, it's been strange: some staff cannot access https websites such as e-banking, webmail via https, etc. This has been happening since yesterday afternoon. A user who found that a site failed keeps failing to access that same https website, but some other https websites are working properly~ Even for an https website that one user can't access, other staff may be able to access it... so the issue is not with the https website itself... I have no idea now... even after both the DNS server and the FG were rebooted, the result is the same~ Could anyone help and give some direction? Thanks!!

    13 replies

    billp
    New Member
    November 25, 2009
    Perhaps a clue in this: http://support.fortinet.com/forum/tm.asp?m=56138&p=1&tmode=1&smode=1 Would be interesting if these are related. Bill
    New Contributor III
    November 25, 2009
    My problem disappeared. What about yours?
    wcbenyip (Author)
    New Member
    November 25, 2009
    Well... it's a different story~ I finally found that the e-banking https websites could not be accessed because of the old IE version... it works now after upgrading IE6 to IE7... (maybe the bank increased the security level or changed something at the same time?) However, some other https websites still take a long, long time... most of them have self-signed certs (i.e. the yahoo mail https url is OK)... I may still need some time to monitor the status~~~ On the other hand, I may need to upgrade the firmware version from v402 b099 to the latest one... as the apps control for the IM has crashed.... no login can be found anymore and there is no control at all...
    New Contributor III
    November 25, 2009
    Nothing to do with the bank changing their settings.... We've started to use our 310b for web filtering including ssl inspection and have no end of issues. Sites that were previously accessible via our old proxy no longer work through the FGT using IE6. Go via proxy and all works. Go via FGT and it doesn't. Like you say though, an upgrade to IE7 seems to fix most sites. What do we do with SSL sites still not working though? Allowing the sites using local ratings doesn't work, adding them as exempt in the URL filter doesn't work. Logs all say allowed/except but still just 'page cannot be displayed'. Nothing in the logs saying anything blocked either. The only workaround I've got is to use an fqdn alias for each site and a separate policy allowing the traffic. Hardly ideal with loads of sites blocked and having to add a policy for every single host that we need to access (which can be many per domain in some cases)
    rwpatterson
    New Member
    November 25, 2009
    Under 'Advanced' in Internet Options, allow TLS 1.0. Works most of the time. Still a pain to visit every workstation.... Just got off the phone with my SE. He had me turn off the proxy scanning in application control and that seemed to kick it. My Fortiguard is still active. I'll have to see what other implications arise...
    wcbenyip (Author)
    New Member
    November 25, 2009
    Oh..... yes! Thanks for your input, rwpatterson ~ It's really working now after changing the setting of "Proxy - All application" in the Application Control from BLOCK to ALLOW; all SSL urls are now back to normal~~~ But does anyone know why the proxy blocking is related to the SSL urls??? Are some SSL urls using the http proxy?
    rwpatterson
    New Member
    December 1, 2009
    I went into the application control log, saw Ultrasurf and Freegate getting through. After I blocked Freegate, the problem came back. :( So it seems to be just Freegate that's causing it. On the phone now with support. Will keep you updated...
    Daniel_Herbon
    New Member
    December 1, 2009
    Glad I came across this thread. Within the last 5 days two important banking sites that load via https stopped working for us in our main office where I have a 200A. However those same sites work in our office across the street where I have a 80C. Google works fine for me but oddly enough microsoft.com will not load. I've also rebooted everything that could possibly be the problem. I even changed out DNS servers to verify it wasn't a DNS issue. Routers & Switches have also been rebooted. I've disabled the WEB protection profile which made no difference. I guess at this point I'm going to drop in an old ASA5505 in place of the 200A to verify it's the 200A. 200A - v4.0,build0185,091020 (MR1 Patch 1) 80C - v4.0,build0178,090820 (MR1)
    rwpatterson
    New Member
    December 1, 2009
    OK, clarification... It seems that the IPS definition delivered on the 21st was the issue. I downgraded to 2.666 and the problem has now been gone for 30 minutes straight. Still monitoring, but if you put in a ticket on this, have them reference my ticket 356455.
    Daniel_Herbon
    New Member
    December 1, 2009
    How did you downgrade? Where did you get the IPS file? Btw, on my two fortigates where everything is working fine, they're running: 2.00593 The fortigate unit that isn't working was just updated and is running: 2.00719
    rwpatterson
    New Member
    December 1, 2009
    Support gave me the older file. Don't let those other 2 update.... FYI: Check here...
    rwpatterson
    New Member
    December 3, 2009
    Reply from support:
    Dear customer, Thank you for these links. This false positive is just triggered on some SSLv3 packets. If your web browser uses TLS protocol, this false positive won't happen. We'll fix it in next engine. For now, you have to disable it. Best Regards, Fortinet IPS - Peixue
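Added example, not part of any poster's message and not Fortinet code: since the support reply above ties the false positive to SSLv3 and says TLS clients are unaffected, one way to find the workstations still exposed is to read the version each client offers in the first bytes it sends to port 443, taken from a packet capture. The host names and byte strings are constructed; the parser covers both the SSLv3/TLS record form and the older SSLv2-compatible hello.

```python
import struct

# Version numbers as they appear on the wire in a ClientHello.
VERSIONS = {0x0002: "SSLv2", 0x0300: "SSLv3", 0x0301: "TLS 1.0"}


def offered_version(first_bytes: bytes) -> str:
    """Return the highest protocol version offered in a ClientHello."""
    b = first_bytes
    if len(b) >= 11 and b[0] == 0x16 and b[1] == 0x03 and b[5] == 0x01:
        # SSLv3/TLS record: type(1) version(2) length(2), then the
        # handshake header type(1) length(3), then client_version(2).
        (ver,) = struct.unpack_from("!H", b, 9)
    elif len(b) >= 5 and b[0] & 0x80 and b[2] == 0x01:
        # SSLv2-compatible hello: 2-byte length with the high bit set,
        # message type(1), then the offered version(2).
        (ver,) = struct.unpack_from("!H", b, 3)
    else:
        raise ValueError("not a ClientHello")
    return VERSIONS.get(ver, f"unknown (0x{ver:04x})")


def sslv3_hosts(captures: dict) -> list:
    """Hosts whose best offer is SSLv3, so the session cannot be TLS."""
    return sorted(h for h, b in captures.items()
                  if offered_version(b) == "SSLv3")


# Constructed sample: first bytes each (hypothetical) workstation sent to
# port 443, as they would be copied out of a packet capture.
SAMPLE = {
    "ws-01": bytes.fromhex("160300002f0100002b0300"),  # SSLv3 record, offers SSLv3
    "ws-02": bytes.fromhex("802e010300"),              # SSLv2-style hello, offers SSLv3
    "ws-03": bytes.fromhex("160301002f0100002b0301"),  # offers TLS 1.0
    "ws-04": bytes.fromhex("802e010301"),              # SSLv2-style hello, offers TLS 1.0
}

if __name__ == "__main__":
    for host, data in SAMPLE.items():
        print(host, offered_version(data))
    print("SSLv3-only:", sslv3_hosts(SAMPLE))
```

Hosts returned by `sslv3_hosts` are the ones where enabling TLS 1.0 in the browser, as suggested earlier in the thread, changes what goes on the wire.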
    Daniel_Herbon
    New Member
    December 3, 2009
    Unfortunately my first experience with Fortinet support isn't turning out to be a good one. Day 4 of this problem now since it was discovered. I've referenced this thread and your ticket several times. I've requested a previous definition several times yet the guy working my ticket just doesn't seem to care. I configured a Cisco ASA5505 with the same incoming/outgoing rules as my 200A. When I plug my network into the ASA5505, everyone in the office can browse without any problems. When I plug it back into my 200A, those same sites become inaccessible. Hopefully I'll get a resolution soon or I'll have to switch back to using Cisco devices.
    rwpatterson
    New Member
    December 3, 2009
    Open up (pass) Freegate proxy in application control, and you should be good to go until the next IPS update.
    rwpatterson
    New Member
    December 4, 2009
    Well, I see a new IPS signature has been uploaded. When I go to the page to check what was changed (a couple of posts before this one) the page is blank. 2.721 still has the false positive issue as far as I can tell. Started getting hits as soon as I updated... ADDED - After 30 minutes, there are far less false hits than before, so it's better, just not close to perfect yet... Could just be that traffic is light at 7:00 AM here. ADDED #2 - Seems like old times. Still have the same amount of false positives...
    New Contributor III
    December 18, 2009
    Greetings! I'm having some HTTPS issues as well. We have two 110C, in active-active cluster, working in v4.0,build0185,091020 (MR1 Patch 1) firmware version. We are testing a Protection Profile configured with Deep Scan active in HTTPS Content Filtering Mode. We need this feature up because I can't block HTTPS sites (like gmail or orkut, for example) with URL filter or even with Application Control, in some cases when the user is granted access to Gmail, but not Google Talk. The thing is: when I set Deep Scan active, some HTTPS sites (mostly banking) don't work and MSN users can't log on. Anybody using Deep Scan who can give me some help?
    rwpatterson
    New Member
    December 18, 2009
    icrema, welcome to the forums. Your issue doesn't seem to be the exact same one. Try starting a new thread to get better exposure. Daniel, what did the application control log tell you? That's where I found that the Freegate proxy was giving false positives.
    Daniel_Herbon
    New Member
    December 18, 2009
    I was having the exact same issue. My issue was never resolved. As you can see in my posts above, my 200A ran perfectly for 6 months. Then something changed over Thanksgiving break and we started having all sorts of HTTPS sites blocked as well as msn and other various sites. After a week of troubleshooting, my company could no longer afford to be blocked from banking sites so I ended up replacing the 200A with a backup Cisco ASA 5505 and everything works fine. At this point support has instructed me to reset the firewall to factory defaults and reconfigure it back to how it was before Thanksgiving. I haven't had the time yet to reset it to factory.