Activating IPS in a site policy causes problem

pipa_85 · ‎02-11-2022

Hello,

When the IPS is activated in the firewall site policy, this site becomes unreachable from the outside (from the internet).

The error below is displayed when trying to access this site;

This site can't be reached

(the site) Unexpectedly closed the connetion

When the IPS is desactivated, the site becomes accessible again
The problem occurs only for sites in https, It doesn't affect the sites that are in http even if the IPS is activated for those sites.

I would like to know why the IPS blocks access to sites that are accessible in https

The firewall Inspection mode : Proxy-based

I hope you will help me, thank you in advance

Debbie_FTNT · ‎02-11-2022

Hey pipa,

what firmware version is your FortiGate? If 7.0.4, there is a significant issue with proxy-mode inspection, check this forum thread: https://community.fortinet.com/t5/Fortinet-Forum/7-0-4-break-Proxy-inspection/td-p/203875

If you're using a different firmware version, it would be helpful to know the following:

- firmware version of your FortiGate

- does this happen with settings other than IPS, such as AV or Application Control?

- does this happen with the policy in flow-mode?

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++

pipa_85 · ‎02-11-2022

Thank you for the answer, it's not me who manages the firewall, I manage the website
I will request this information from the firewall manager, I will keep you informed. Thank you.

ede_pfau · ‎02-13-2022

The moment you enable IPS, SSL inspection will be enabled as well. Depending on the settings, this might prevent connections to HTTPS sites.

You can create a 'no-inspection' custom SSL profile and test how this works out.

Ede Kernel panic: Aiee, killing interrupt handler!

Activating IPS in a site policy causes problem

Nominate a Forum Post for Knowledge Article Creation