FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
rsagar_FTNT
Staff
Staff
Description
On applying SSL deep inspection profile to the security policy, GoToMeeting stops working.

Solution
Citrix have made certain changes with their servers which render connection attempts made by devices whose traffic has been inspected by firewall to be dropped.

To work around this, traffic for these Citrix servers needs to be exempted from SSL inspection.

This can be done as follows.

Versions prior to 5.2

1) Go to Security Profiles > Web Filter > Profiles, select the Web Filter profile.

2) Turn on “Enable Web Site Filter”.

3) Add two new wild card entries.  These will instruct the FortiGate to bypass UTM filtering for any web pages that contain 'gotomeeting' or 'citrixonline' in their names.

rsagar_FD38882_tn_FD38882-1.jpg

Versions 5.2 and later

In the SSL inspection profile (deep inspection profiles) that are being used, add the two FQDN objects 'gotomeeting' and 'citrix' to the ssl-inspection exempt list.

1) Go to Policy and Objects > SSL inspection profile that is being used on the security policy.

2) Go to Exempt from SSL inspection and in the Addresses tab, add Gotomeeting and Citrix.

Contributors