Description
This article describes how to address an issue where the replacement page loads without pictures when policy inspection mode is proxy.
VS 
Scope
For version 6.2.8 and above.
For version 6.4.6 and above.
Solution
Pictures from replacement pages are stored in the special URL 'globalurl.fortinet.net:8008/XX/YY/ZZ/CI...' which communication is not being forwarded to the real server but to the firewall itself. Since the original communication is over HTTPS this connection is protected by the certificate as well, where the firewall uses its own CA certificate and if the client do not trust it, he won't be able to see the pictures due to a certificate error.
There are 2 ways how this situation could be resolved:
- Deploy the firewall CA certificate into the browser trust store
- Import own domain trusted CA certificate with its private key into the firewall and use it for resigning this kind of communication:
This article describes how to address an issue where the replacement page loads without pictures when policy inspection mode is proxy.
VS Scope
For version 6.2.8 and above.
For version 6.4.6 and above.
Solution
Pictures from replacement pages are stored in the special URL 'globalurl.fortinet.net:8008/XX/YY/ZZ/CI...' which communication is not being forwarded to the real server but to the firewall itself. Since the original communication is over HTTPS this connection is protected by the certificate as well, where the firewall uses its own CA certificate and if the client do not trust it, he won't be able to see the pictures due to a certificate error.
There are 2 ways how this situation could be resolved:
- Deploy the firewall CA certificate into the browser trust store
- Import own domain trusted CA certificate with its private key into the firewall and use it for resigning this kind of communication:
# config web-proxy global
set ssl-ca-cert <imported_ca_cert>
end
