Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Jirka1
Contributor III

7.0.4 - break Proxy inspection

Hello,

 

yesterday I upgraded FG200E to version 7.0.4.

In the previous version 7.0.1 I used proxy inspection + SSL deep inspection (certificate signed from AD). After the update (7.0.1 -> 7.0.3 -> 7.0.4) all policies in Proxy mode stopped working. Each browser returned an "err_ssl_protocol_error" error, but eg IMAPS, SMTPS worked well.
Once I've adjusted the Policy to flow (and all UTMs), everything works.

 

There wasn't much time to find out why it behaves like this, I'll continue this weekend.

 

Has anyone tried to deploy 7.0.4?

 

Jirka

37 REPLIES 37
notrixx
New Contributor II

Upgraded to 7.0.5 last night and turned APP and IPS inspection back on. Seems fine now.

Hmichel

Same here with 601E, 100E, 101F and 81F. Updated to 7.0.5 last night and seems fine.

viktup
New Contributor

working fine now, thank you

VLOGIC
New Contributor

Upgrade to 7..0.5 and not working. Lost connexions randomly. It's disaster. I rollback to 7.0.1 and working fine.

Kangming

Hi VLOGIC,

Do you have updated configuration details, or submitted a Ticket? 
Can you share your V7.0.5 configuration to us(kmliu@fortinet.com)?

 

Thanks

Kangming

VLOGIC

Sorry for delay of response. We are  in HA active/active configuration 7.0.1. We tried tu update before to 7.0.3 and rollback it because we have weird behavior on GUI ( time not be seen, replaced by special caracters). We tried 7.0.4 and rollback it because we had some issues mentioned here. We tried 7.0.5 and rollback it because issues not resolved. We'll wait next release to fix all. 7.0.1. is a best stable release fur us. 

adb
New Contributor

Upgraded to 7.0.5
It initially seemed to work fine

After a few hours we encountered performance issues on rules with proxy mode and SSL inspection

unsecur3d
New Contributor

hey, just in case anyone is still going through this.. I narrowed this down to a protocol options setting. I have not yet determined specifically which one, but if i switch it from my custom one used for proxy a/v to a custom ports allowed configuration, proxy mode deep inspection works with any profile. 

 

So something in there breaks it.

Labels
Top Kudoed Authors