- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Web Filtering HTTPS Option causing problems for m...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Web Filtering HTTPS Option causing problems for mixed content website
I have a website that my users visit that has problems when the HTTPS option is checked in the Profile for " Enable Fortiguard Web Filtering" . I' m not sure if I should blame Fortigaurd or the website. I' m using IE7.0 and the website refuses to work with Firefox or other browsers. I' ve tried one other mixed content website without a similar results. If anyone has another similar site to recommend for test purposes, please let me know. Also, could anyone let me know what the HTTPS option really does for me, since to my knowledge, URLs are always " in the clear" ? The manual doesn' t elaborate.
Here is how it should behave. When they visit webcontrol.avv.com, they are directed to the HTTPS login page. Once they login, the address line loses HTTPS, now HTTP, but certain elements of the page have HTTPS content. FYI, all the content seem to be on avv.com, not from other URLs.
With HTTPS option checked, the intial login comes up, but once they login, the browser returns an " Internet Explorer cannot display the webpage" error. Without closing the browser, if they reenter webcontrol.avv.com in the address line and click refresh, they get they page they should have gotten. However, while navigating in the website, any attempt to access information containing HTTPS content results in the affect frames displaying the same " cannot dislpay webpage" error. The only way to return to normal is to refresh the page. If I uncheck the HTTPS option, I am immediately able to navigate the site with no problems.
Any suggestions?
Thanks, Dave
Fortigate-200B 5.2.8 Build 727
Fortigate-200B 5.2.8 Build 727
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sounds like you' re using a version of firmware that is dated. MR4 and newer should have taken care of this. MR4 is buggy, so I would say start with MR5. What model FGT, by the way...
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I' ve been using MR3 build 416 because its listed as " Most Stable Maintenance Release" . I' m using an FGT-100A, HA and VPN are not going to be used. Should I use MR5 Patch 3 or is there a reason I should go with one of the others?
Thanks,
Dave
Fortigate-200B 5.2.8 Build 727
Fortigate-200B 5.2.8 Build 727
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Like you, I was a cautious consumer. Upgrades in the past were buggy and untested endeavors adding ' features' that were problematic at best. I can assure you (and also by my signature) that since Fortinet' s strategy has been ' stability now, new features later' that the latest codes reflect bug fixes only. No new frills or ' bling' has been added to bugger up the code. MR3 was the first maintenance release that tried (emphasis on that word) to AV scan and rate HTTPS traffic. It didn' t work as designed. Recommendations at the time were to turn it off. MR4 was better, but MR5 is best. Much less memory intensive as well (at least better than MR4!).
Good luck.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the advice. I' ve been burned too many times trying the latest/greatest new thing (anyone remember MSDOS 6.0?). I' m loading MR5 patch 4 onto the FGT-200 I just replaced so I can check it out, and when I get some downtime, I' ll load it on the FGT-100A.
Thanks,
Dave
Fortigate-200B 5.2.8 Build 727
Fortigate-200B 5.2.8 Build 727
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I remember MS DOS 4.0 (I started with 3.01). I also remember the first Active Desktop! Came with IE 4.0. What a load of crap.....
One note: Your SSL-VPN tunnel policies will have to be sourced with ' any' instead of any other smaller subnets. One gotcha between MR3, and the latter.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Related Posts
- FortiOS 7.4.3 - 112 Cloud Applications... 173 Views
- Problem with deep inspection a some... 371 Views
- Fortigate and FortiAP Upgrade Recommendation 251 Views
- Webpage is not accessible // Opendns... 459 Views
- Policy based - URL categories does't... 1227 Views
Labels
-
FortiGate
6,426 -
FortiClient
1,281 -
5.2
801 -
5.4
639 -
FortiManager
558 -
6.0
416 -
FortiAnalyzer
409 -
5.6
362 -
FortiSwitch
330 -
FortiAP
323 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
102 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
81 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
IPsec
62 -
Wireless Controller
56 -
SSL-VPN
52 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
FortiConverter
21 -
High Availability
20 -
Firewall policy
20 -
VLAN
17 -
FortiPortal
17 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
ZTNA
15 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
DNS
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
Interface
10 -
VDOM
10 -
FortiWeb v5.0
9 -
BGP
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
Traffic shaping
8 -
Virtual IP
8 -
RADIUS
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
NAT
6 -
IP address management - IPAM
6 -
SSID
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiAuthenticator
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
Security profile
4 -
WAN optimization
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
Web application firewall profile
3 -
FortiToken Cloud
3 -
Automation
3 -
DoS policy
3 -
FortiTester
3 -
OSPF
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
Intrusion prevention
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.