In the previous version 7.0.1 I used proxy inspection + SSL deep inspection (certificate signed from AD). After the update (7.0.1 -> 7.0.3 -> 7.0.4) all policies in Proxy mode stopped working. Each browser returned an "err_ssl_protocol_error" error, but eg IMAPS, SMTPS worked well. Once I've adjusted the Policy to flow (and all UTMs), everything works.
There wasn't much time to find out why it behaves like this, I'll continue this weekend.
Sorry for delay of response. We are in HA active/active configuration 7.0.1. We tried tu update before to 7.0.3 and rollback it because we have weird behavior on GUI ( time not be seen, replaced by special caracters). We tried 7.0.4 and rollback it because we had some issues mentioned here. We tried 7.0.5 and rollback it because issues not resolved. We'll wait next release to fix all. 7.0.1. is a best stable release fur us.
hey, just in case anyone is still going through this.. I narrowed this down to a protocol options setting. I have not yet determined specifically which one, but if i switch it from my custom one used for proxy a/v to a custom ports allowed configuration, proxy mode deep inspection works with any profile.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.