Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Jirka1
Contributor II

7.0.4 - break Proxy inspection

Hello,

 

yesterday I upgraded FG200E to version 7.0.4.

In the previous version 7.0.1 I used proxy inspection + SSL deep inspection (certificate signed from AD). After the update (7.0.1 -> 7.0.3 -> 7.0.4) all policies in Proxy mode stopped working. Each browser returned an "err_ssl_protocol_error" error, but eg IMAPS, SMTPS worked well.
Once I've adjusted the Policy to flow (and all UTMs), everything works.

 

There wasn't much time to find out why it behaves like this, I'll continue this weekend.

 

Has anyone tried to deploy 7.0.4?

 

Jirka

36 REPLIES 36
Kangming

Hi darrendavey,

 

Thanks for your feedback, we have created a bug 0778659 to investigate this issue with the highest priority. 

 

Thanks

Kangming

DVarouxis
New Contributor

Hello ,

 

same issue for my 100E on 7.0.4 . Had to change to Flow Mode to start Browsing .I had created from scratch other Utm Profiles  in Proxy which are worked for a couple of hours and then the same err_ssl_protocol_error.  This is very important for us who are using deep inspection and hope to release soon the fix . By moving to Flow is just a temporary solution but breaks the security  . Come on Support.. you fix smt  and always you break smt that it works  in the  last 2 years updates .

itserv

Hi,

 

just to add my info on 7.0.4 FG300E

 

I get an error on every policy in proxy mode where application control is enabled.

I had to or disable application control or switch to flow mode.

Changing ssl inspection didn't help. 

 

By.

ClaudioPersico
New Contributor

We have the same issue and we had to switch to flow mode. We urgently need to switch back to proxy mode. Thanks

dclabs
New Contributor

Same issue for us too.

We either had to switch to flow-mode or worse disable SSL inspection to get it  back to work.

notrixx
New Contributor II

Same problem here. FG600E running 7.0.4

Have to disable app and ips inspection on policies using proxy mode to be able to browse the web.

dtesarik
New Contributor

We have same problems on FG1000D. Rolback to 7.0.3

Jirka1
Contributor II

Fortinet,

why isn't this critical bug added to Release Notes yet so that administrators don't update their boxes unnecessarily?
Is there a time estimate for 7.0.5?

 

But it amazes me that such a critical malfunction was not revealed in pre-release tests and end users have to do beta testers ... I'm still not used to it :\

Kangming

Hi 

 

The root cause of this issue has been found and will have a quick patch 7.0.5 next week. 

 

Thanks

Kangming

Kangming

Hi

 

BUG 778659 has been added to the known issues in the release note of V7.0.4.

 

Thanks

Kangming