FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes the issue of Iphone and Ipad devices accessing to a website that is being protected by FortiGate web filter with SSL Full Inspection.
Iphone and Ipad users will get an error prompt of 'Untrusted security certificate'.
This is a known behaviour with FortiGate CA certificates on IOS devices where it is not able to locate the intermediate CA and will show an error message.
FortiGate and IOS Mobile Devices.
Download the FortiGate CA from the Web Based Manager (GUI).
- Go to System -> Certificates -> Local Certificates.
- Select Fortinet_CA_SSLProxy (this applies to another certificate that needs to be used for SSL inspection).
- Click on Download.
- Save the file Fortinet_CA_SSLProxy.cer (or any other related CA file if another certificate needs to be used).
Follow below steps to import FortiGate’s CA certificate into IOS device:
1) Download the IPhone configuration utility. 2) Make sure the certificate is installed on the machine. 3) Launch the tool. 4) Select the configuration profiles workspace area. 5) Click the new button. 6) Under 'General', select a name such as 'Root Certificate Trust', and all other mandatory fields. 7) Select the credentials area, and click the configure button. 8) Select the certificate to trust, then click OK. 9) Connect the iOS device. 10) The device will show under Devices.Select it. 11) Select the devices Configuration Profiles tab. 12) The new profile will be displayed. Click Install. 13) A message will be displayed on the iOS device prompting the user to click Install. Click Install on the device. 14) Click install now to the confirmation. 15) Pass code will be requested, then the screen will change to profile installed. Click the Done button
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.