In the previous version 7.0.1 I used proxy inspection + SSL deep inspection (certificate signed from AD). After the update (7.0.1 -> 7.0.3 -> 7.0.4) all policies in Proxy mode stopped working. Each browser returned an "err_ssl_protocol_error" error, but eg IMAPS, SMTPS worked well. Once I've adjusted the Policy to flow (and all UTMs), everything works.
There wasn't much time to find out why it behaves like this, I'll continue this weekend.
- the problem only appears when applying an APP or IPS profile on Proxy policy - I tried to create a new Policy - no change - I tried to change Deep Inspection to Certification Inspection - no change - everything is functional only with AV and WEB filtering
same here with 601E. Workaround was to change ssl-inspection Form Deep-inspection to certificate inspection. Weird is, that i Patched yesterday 17:00 But it stopped working today 13:00. No difference with flow of proxy based policys. No difference if i disable webfilter, AC, AV … My Only Chance was to disable Deep inspection
that's exactly how it worked for me. After the update everything worked but over time the Proxy Policy stopped working. So certification inspection doesn't work for me either. Last night I tried the box format installing 7.0.4 and restoring the configuration. It worked again for a while and this morning I'm getting "ERR_CONNECTION_CLOSED" from browsers (chrome, edge, firefox). I have create ticket also on TAC and waiting for response.
Proxy policy paradoxically only works with my AV profile for me. If I add APP or IPS - I end up with a browser error "ERR_CONNECTION_CLOSED". And it doesn't matter if I use deep inspection or certification inspection.
Having similar issue 7.0.4 on 600E. Changed outbound from Proxy to Flow and that is working for now. Issues started happening this afternoon. We went from 7.0.3 to 7.0.4 early this morning, then issue appeared later in the day.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.