SSL Deep Inspection creates Internet issue for smartphones.
I am using a FortiGate 60F firewall and I have enabled SSL deep packet inspection. I have installed the certificate on almost all devices; however, smartphone devices are giving Internet access issues as soon as I activate any security profile such as antivirus, IPS, etc.
I even installed the certificate on mobile devices, but there is still an issue.
Deep inspection (DPI) is generally difficult with unmanaged clients, as BYOD devices and smartphones often are.
You may be able to check with an Android app "pcapdroid" to create a packet capture per app when you get this displayed. It could be that your FortiGate is not sending the intermediate CA certificate that you might have/need and the client needs this.
To verify a certificate the client will also need to complete a chain of certificates.
Server certificate > intermediate certificate(s) > Root CA
A pcap will show this more easily (if the TLS version is 1.2 or lower).
Quick idea is, if you have the intermediate, install it on the FortiGate certificate/CA store and FortiGate should automatically send it.
Even though I have seen Androids causing trouble with this, there is a good chance I might not have done it right in the past.
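The chain check described in the reply above, as an added example that is not part of the original posts: it builds a constructed root CA, intermediate CA and server certificate with the `openssl` CLI, then verifies the server certificate the way a client that trusts only the root would, with and without the intermediate being sent. All names and file names are made up for the demonstration.

```shell
#!/bin/sh
# Constructed demo PKI: Demo Root CA -> Demo Inspection CA -> app.example.test.
# All names are made up for this example; requires the openssl CLI.

new_csr() {  # $1 = file prefix, $2 = common name
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

build_chain() (  # $1 = empty working directory (runs in a subshell)
    cd "$1" || exit 1
    # Extensions that mark a certificate as a CA allowed to sign others.
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
    # Root CA: self-signed, the only certificate the client has installed.
    new_csr root "Demo Root CA" &&
    openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
        -days 30 -out root.pem 2>/dev/null &&
    # Intermediate CA: signed by the root, signs the server certificate.
    new_csr inter "Demo Inspection CA" &&
    openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
        -extfile ca.ext -days 30 -out inter.pem 2>/dev/null &&
    # Server (leaf) certificate: signed by the intermediate, not by the root.
    new_csr leaf "app.example.test" &&
    openssl x509 -req -in leaf.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
        -days 30 -out leaf.pem 2>/dev/null
)

# Verify the leaf as a client that trusts only the root.
# $1 = directory, $2 = optional file of intermediates sent by the server.
client_verify() {
    if [ -n "${2:-}" ]; then
        openssl verify -CAfile "$1/root.pem" -untrusted "$2" "$1/leaf.pem" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
    fi
}

demo() {
    dir=$(mktemp -d) && build_chain "$dir" || return 1
    client_verify "$dir" && echo "leaf only: chain OK" || echo "leaf only: chain broken"
    client_verify "$dir" "$dir/inter.pem" && echo "leaf + intermediate: chain OK" \
        || echo "leaf + intermediate: chain broken"
    rm -rf "$dir"
}
demo
```

Against a live connection, `openssl s_client -connect host:443 -showcerts` lists the certificates the inspecting device actually presents, so a missing intermediate shows up as a chain that stops at the server certificate.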
I installed the certificate in the trusted root CA store. The error shows on mobile devices as a popup saying that some apps will not work, and apps like LinkedIn and TikTok are not working even though there is no application blocked in the app profile.
What I have to do is create a rule to not inspect apps such as LinkedIn, TikTok and some others.
Thank you for posting to the Fortinet Community Forum.
Problem Description: SSL Deep Inspection creates Internet issue for smartphones.
As per your description, you are facing an Internet issue on smartphones if you enable deep inspection in the policy.
Please confirm whether you have installed the deep inspection certificate and its CA cert on the smartphones. Are you facing the issue with Windows PCs in the same subnet? Please share the policy configuration. Also, can you share a snapshot of the error you are getting on your smartphones? Is the issue for all smartphones or only a few users?