SSL inspection cause IE to give TLS errors

Forum|Forum|8 years ago
November 28, 2017
1 reply
12475 views

Our locations are locked down by their FortiGates fairly rigidly (FortiOS 5.0.14). We have one site that has recently been being blocked that is regularly used (www.concursolutions.com). This has always been part of our web filter whitelist. We are finding that It can only be gotten through the firewall when SSL inspection is disabled. I have tried adding policies before the primary internet traffic policy point to the site as well as its CRL location, and it DNS records IP address for both default and www (point to Microsoft). None of this works. TLS is already all checked by default at all locations in IE (no other browser can be installed, nor do they have permission to do so). Since it is below 5.2, there is no way to add SSL inspection exemptions. Any thoughts on how to achieve this would be greatly appreciated.

emnoc

New Member

Did you run diag debug flow? Why are you on 5.0.14? Can you get into 5.2.12?

BBoozerAuthor

New Member

No, I did not, and upgrading 350 firewalls for a web page is out of the question. What could be garnered by this?

emnoc

New Member

No, I did not, and upgrading 350 firewalls for a web page is out of the question. What could be garnered by this?

Staying current within FortiOS, for one.

Using a version that more new and current, for two.

Using a version of firmware that still under development, for three.

Using a version of firmware that has made numerous fixes & in regards to ssl-inspection, for four.

I'm sure v5.0.x train is End or life and|or develpoment, for my fifth and last reason

Do I need to list more reasons? Since it this one, I would start with a diag debug flow and see what the output shows

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded