Created on 10-17-2011 06:59 AM Edited on 06-09-2022 09:06 PM By Anonymous
Description
This article explains how to avoid 'invalid certificate' messages when using NTLM authentication on the FortiGate.
Scope
FortiOS all versions.
Solution
config firewall policy
    edit 4
        set srcintf "port13"
        set dstintf "port14"
        set srcaddr "DHCP INTERNAL"
        set dstaddr "all"
        set action accept
        set ntlm enable
        set fsso enable
        set identity-based enable
        config identity-based-policy
            edit 3
                set schedule "always"
                set logtraffic enable
                set utm-status enable
                set groups "Internet Access Denied"
                set service "HTTP" "HTTPS"
                set webfilter-profile "BlockAll_WebFilter"
                set profile-protocol-options "Global_Protocol"
            next
            edit 1
                set schedule "always"
                set logtraffic enable
                set utm-status enable
                set groups "Internet Social Allowed"
                set service "ANY"
                set av-profile "Global_AV"
                set webfilter-profile "Social"
                set ips-sensor "all_default_pass"
                set application-list "Standard_Apps"
                set application-charts top10-app top10-p2p-user top10-media-user
                set profile-protocol-options "Global_Protocol"
            next
            edit 2
                set schedule "always"
                set logtraffic enable
                set utm-status enable
                set groups "Domain Users"
                set service "ANY"
                set av-profile "Global_AV"
                set webfilter-profile "NoSocial"
                set ips-sensor "all_default_pass"
                set application-list "Standard_Apps"
                set application-charts top10-app top10-p2p-user top10-media-user
                set profile-protocol-options "Global_Protocol"
            next
        end
    next
end

config firewall profile-protocol-options
    edit "Global_Protocol"
        set ssl-invalid-server-cert-log enable
        config http
            set port 80
            set options clientcomfort
            set comfort-interval 1
            set comfort-amount 2048
            unset post-lang
            set oversize-limit 2
        end
        config https
            set port 442
            set options allow-invalid-server-cert
            unset post-lang
            set oversize-limit 1
        end
    next
end
Solution for FortiOS 5.2:
config user setting
    set auth-ca-cert ca_certificate_name
end