- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
7.0.4 - break Proxy inspection
Hello,
yesterday I upgraded FG200E to version 7.0.4.
In the previous version 7.0.1 I used proxy inspection + SSL deep inspection (certificate signed from AD). After the update (7.0.1 -> 7.0.3 -> 7.0.4) all policies in Proxy mode stopped working. Each browser returned an "err_ssl_protocol_error" error, but eg IMAPS, SMTPS worked well.
Once I've adjusted the Policy to flow (and all UTMs), everything works.
There wasn't much time to find out why it behaves like this, I'll continue this weekend.
Has anyone tried to deploy 7.0.4?
Jirka
- Labels:
-
FortiGate
- « Previous
- Next »
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Upgraded to 7.0.5 last night and turned APP and IPS inspection back on. Seems fine now.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Same here with 601E, 100E, 101F and 81F. Updated to 7.0.5 last night and seems fine.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
working fine now, thank you
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Upgrade to 7..0.5 and not working. Lost connexions randomly. It's disaster. I rollback to 7.0.1 and working fine.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi VLOGIC,
Do you have updated configuration details, or submitted a Ticket?
Can you share your V7.0.5 configuration to us(kmliu@fortinet.com)?
Thanks
Kangming
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sorry for delay of response. We are in HA active/active configuration 7.0.1. We tried tu update before to 7.0.3 and rollback it because we have weird behavior on GUI ( time not be seen, replaced by special caracters). We tried 7.0.4 and rollback it because we had some issues mentioned here. We tried 7.0.5 and rollback it because issues not resolved. We'll wait next release to fix all. 7.0.1. is a best stable release fur us.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Upgraded to 7.0.5
It initially seemed to work fine
After a few hours we encountered performance issues on rules with proxy mode and SSL inspection
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hey, just in case anyone is still going through this.. I narrowed this down to a protocol options setting. I have not yet determined specifically which one, but if i switch it from my custom one used for proxy a/v to a custom ports allowed configuration, proxy mode deep inspection works with any profile.
So something in there breaks it.
- « Previous
- Next »