achu
Staff
Article Id 414982
Description

This article describes an issue where a local user can access the internet without properly authenticating from the browser. The local users are configured in a transparent policy for active authentication.

 


Scope

FortiProxy v7.4.11, v7.6.x.
Solution

When certificate inspection is used in v7.4.11, users can bypass authentication and continue to browse the internet. When deep packet inspection is used for the SSL inspection profile, users are prompted for a username and password and cannot browse until they have authenticated properly. This behavior is a known issue in v7.4.11 and v7.6.x and is planned to be fixed in v7.6.5.

 

Workaround:

  1. Downgrade to v7.4.10.
  2. Use deep packet inspection for an SSL inspection profile instead of certificate inspection.
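To find which policies meet the conditions described above (transparent policy, user or group authentication, certificate inspection), a configuration backup can be audited offline. The following is an added example, not Fortinet code: the key names (`type`, `users`, `groups`, `ssl-ssh-profile`, `https` / `status`) are assumed from FortiOS-style configuration syntax and should be checked against the device's own backup, and the sample configuration is constructed.

```python
import re

# Constructed sample; key names assume FortiOS-style backup syntax and are not from the article.
SAMPLE = '''
config firewall ssl-ssh-profile
    edit "cert-only"
        config https
            set status certificate-inspection
        end
    next
end
config firewall policy
    edit 1
        set type transparent
        set users "alice"
        set ssl-ssh-profile "cert-only"
    next
end
'''
TOKEN = re.compile(r'"[^"]*"|\S+')  # quoted string or bare word; never raises on odd lines

def parse(text):
    """Map top-level section -> entry name -> {dotted key: [values]}."""
    out, path, entry = {}, [], None
    for raw in text.splitlines():
        tok = [t.strip('"') for t in TOKEN.findall(raw)] or [""]
        if tok[0] == "config":
            path.append(" ".join(tok[1:]))
        elif tok[0] == "end" and path:
            path.pop()
            entry = entry if path else None  # leaving a top-level section closes its entry
        elif tok[0] == "edit" and len(path) == 1:
            entry = out.setdefault(path[0], {}).setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None:
            entry[".".join(path[1:] + [tok[1]])] = tok[2:]  # nested block -> "https.status"
    return out

def exposed_policies(text):
    """IDs of transparent policies that authenticate users/groups under certificate inspection."""
    cfg = parse(text)
    profiles = cfg.get("firewall ssl-ssh-profile", {})
    hits = []
    for pid, pol in cfg.get("firewall policy", {}).items():
        prof = (pol.get("ssl-ssh-profile") or [""])[0]
        mode = (profiles.get(prof, {}).get("https.status") or ["unknown"])[0]
        if (pol.get("type") == ["transparent"] and mode == "certificate-inspection"
                and (pol.get("users") or pol.get("groups"))):
            hits.append(pid)
    return hits
```

Calling `exposed_policies()` on the text of a backup returns the policy IDs to review; a policy whose profile is not defined in the backup is reported as unknown mode and not flagged.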

 

To verify whether the behavior matches this bug, open a support case and share the output of the following commands in a .txt file:

 

diagnose debug console timestamp enable
diagnose wad debug enable category all
diagnose wad debug enable level verbose
diagnose wad debug display pid enable
diagnose wad filter src <src ip of affected device>
diagnose debug enable

 

To disable debug:

 

diagnose debug reset

diagnose debug disable