Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Contributor III

7.0.4 - break Proxy inspection



yesterday I upgraded FG200E to version 7.0.4.

In the previous version 7.0.1 I used proxy inspection + SSL deep inspection (certificate signed from AD). After the update (7.0.1 -> 7.0.3 -> 7.0.4) all policies in Proxy mode stopped working. Each browser returned an "err_ssl_protocol_error" error, but eg IMAPS, SMTPS worked well.
Once I've adjusted the Policy to flow (and all UTMs), everything works.


There wasn't much time to find out why it behaves like this, I'll continue this weekend.


Has anyone tried to deploy 7.0.4?



New Contributor II

Upgraded to 7.0.5 last night and turned APP and IPS inspection back on. Seems fine now.


Same here with 601E, 100E, 101F and 81F. Updated to 7.0.5 last night and seems fine.

New Contributor

working fine now, thank you

New Contributor

Upgrade to 7..0.5 and not working. Lost connexions randomly. It's disaster. I rollback to 7.0.1 and working fine.



Do you have updated configuration details, or submitted a Ticket? 
Can you share your V7.0.5 configuration to us(





Sorry for delay of response. We are  in HA active/active configuration 7.0.1. We tried tu update before to 7.0.3 and rollback it because we have weird behavior on GUI ( time not be seen, replaced by special caracters). We tried 7.0.4 and rollback it because we had some issues mentioned here. We tried 7.0.5 and rollback it because issues not resolved. We'll wait next release to fix all. 7.0.1. is a best stable release fur us. 

New Contributor

Upgraded to 7.0.5
It initially seemed to work fine

After a few hours we encountered performance issues on rules with proxy mode and SSL inspection

New Contributor

hey, just in case anyone is still going through this.. I narrowed this down to a protocol options setting. I have not yet determined specifically which one, but if i switch it from my custom one used for proxy a/v to a custom ports allowed configuration, proxy mode deep inspection works with any profile. 


So something in there breaks it.

Top Kudoed Authors