- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
7.0.4 - break Proxy inspection
Hello,
yesterday I upgraded FG200E to version 7.0.4.
In the previous version 7.0.1 I used proxy inspection + SSL deep inspection (certificate signed from AD). After the update (7.0.1 -> 7.0.3 -> 7.0.4) all policies in Proxy mode stopped working. Each browser returned an "err_ssl_protocol_error" error, but eg IMAPS, SMTPS worked well.
Once I've adjusted the Policy to flow (and all UTMs), everything works.
There wasn't much time to find out why it behaves like this, I'll continue this weekend.
Has anyone tried to deploy 7.0.4?
Jirka
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi darrendavey,
Thanks for your feedback, we have created a bug 0778659 to investigate this issue with the highest priority.
Thanks
Kangming
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello ,
same issue for my 100E on 7.0.4 . Had to change to Flow Mode to start Browsing .I had created from scratch other Utm Profiles in Proxy which are worked for a couple of hours and then the same err_ssl_protocol_error. This is very important for us who are using deep inspection and hope to release soon the fix . By moving to Flow is just a temporary solution but breaks the security . Come on Support.. you fix smt and always you break smt that it works in the last 2 years updates .
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
just to add my info on 7.0.4 FG300E
I get an error on every policy in proxy mode where application control is enabled.
I had to or disable application control or switch to flow mode.
Changing ssl inspection didn't help.
By.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have the same issue and we had to switch to flow mode. We urgently need to switch back to proxy mode. Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Same issue for us too.
We either had to switch to flow-mode or worse disable SSL inspection to get it back to work.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Same problem here. FG600E running 7.0.4
Have to disable app and ips inspection on policies using proxy mode to be able to browse the web.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have same problems on FG1000D. Rolback to 7.0.3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortinet,
why isn't this critical bug added to Release Notes yet so that administrators don't update their boxes unnecessarily?
Is there a time estimate for 7.0.5?
But it amazes me that such a critical malfunction was not revealed in pre-release tests and end users have to do beta testers ... I'm still not used to it :\
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
The root cause of this issue has been found and will have a quick patch 7.0.5 next week.
Thanks
Kangming
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
BUG 778659 has been added to the known issues in the release note of V7.0.4.
Thanks
Kangming