Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
gonzalezw
Staff
Staff

Created on ‎03-28-2024 10:11 PM Edited on ‎03-26-2025 11:15 PM By Moderator

Article Id 307182

Troubleshooting Tip: The Dropbox desktop app does not work when Deep Inspection is enabled on the FortiGate Firewall Rule

Description This article describes that the Dropbox desktop app does not work when Deep Inspection is enabled on the FortiGate Firewall Rule.
Scope FortiGate and Windows OS.
Solution

When installing the Dropbox desktop app on a Windows machine, with deep inspection enabled in the firewall policy from LAN to WAN, Dropbox may fail to function. The desktop app does not open or continuously spin without displaying the login screen.

 

This behavior is typically due to Full SSL inspection being enabled. Dropbox uses end-to-end encryption(E2EE) to secure communications. Full SSL Inspection decrypts and re-encrypts traffic, which can break E2EE. For more information on the differences between SSL Certificate Inspection and Full SSL inspection, refer to this related article:

Technical Tip: Differences between SSL Certificate Inspection and Full SSL Inspection

 

The Dropbox team recommends whitelisting a list of domains in FortiGate. It is possible to find the list of official Dropbox domains here: What official domains does Dropbox use?.

 

To whitelist these domains in the SSL INSPECTION security profile under 'Exempt from SSL Inspection', follow these steps:

 

  1. Create  addresses objects using the Dropbox Domain list What official domains does Dropbox use?  as FQDN:


dropbox2.png

 

  1. Once each object has been created individually, add them into a single group:

 

dropbox3.png

 

  1. Now that the address group is created, the deep inspection profile will be cloned since the default profile cannot be edited:

 

dropbox4.png

 

  1. Add the group created above to the 'Exempt from SSL Inspection' in the 'SSL/SSH inspection' of the 'Clone of deep-inspection' profile under 'Security Profile' in the firewall.

 

dropbox5.png

 

  1. Select 'OK' to save the changes. Test again on the Windows computer.
1540
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.