Ankit1
New Contributor

Application control block zoom app

Hi All,

We have a FortiGate 100D running version 6.2.15. Recently we have been facing an issue with the Zoom app when accessing it, and we get the error below.

[Image: zoom_error.png]

We have validated the certificate on Fortinet; it is not expired and is valid as well. We tried downloading the certificate that we are using in the security profile 'certificate inspection' in the policy, with the inspection mode set to proxy mode, and added this certificate to the browser as well, but no luck. When we changed the inspection mode to flow-based, it started working as expected. But we want it to work in proxy mode with the security profile set to 'certificate inspection'.

Could you please provide the solution?

sw2090
SuperUser

Yes, it needs to be installed into the certificate space "trusted certificate authorities" on your client(s).

Once this is achieved, the browsers will trust that certificate because they will trust the CA.

That is because of the basic functionality of SSL deep inspection:

DPI is a man-in-the-middle thingy. The FGT will have to decrypt the encrypted HTTPS/SSL traffic to be able to inspect it with its filters. Afterwards it will have to re-encrypt it, since the client expects encrypted traffic. Since it cannot do re-encryption using the original certificate - because it doesn't have the private key - it will use the CA you set in the Deep Inspection Profile to create and sign a new certificate that has the original DN/SAN in it and use that to re-encrypt the traffic. Then, if you haven't installed the CA as a trusted CA, the browser on the client will not trust this certificate, for it is not signed by a trusted CA.

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
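
The re-signing described in the reply above can be reproduced offline with openssl; this is an added example, not part of the original thread and not Fortinet tooling. The CA names and the hostname `zoom.example.test` are constructed placeholders: one demo CA stands in for the CA set in the inspection profile, the other for the roots the client already trusts.

```shell
#!/usr/bin/env bash
# Added lab example. All names below (Demo-Inspection-CA, Demo-Public-Root,
# zoom.example.test) are constructed placeholders, not values from the thread.
set -eu
work=$(mktemp -d)

# Minimal config so the run does not depend on the system openssl.cnf.
cat > "$work/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

make_ca() {        # $1 = file stem, $2 = CA common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$work/ca.cnf" \
    -subj "/CN=$2" -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

resign_leaf() {    # $1 = original hostname, $2 = stem of the signing CA
  # New key pair and certificate carrying the original name, as the proxy does.
  openssl req -new -newkey rsa:2048 -nodes -config "$work/ca.cnf" \
    -subj "/CN=$1" -keyout "$work/leaf.key" -out "$work/leaf.csr" 2>/dev/null
  printf 'subjectAltName = DNS:%s\n' "$1" > "$work/san.cnf"
  openssl x509 -req -in "$work/leaf.csr" -CA "$work/$2.pem" -CAkey "$work/$2.key" \
    -CAcreateserial -days 1 -extfile "$work/san.cnf" -out "$work/leaf.pem" 2>/dev/null
}

client_trusts() {  # $1 = PEM bundle acting as the client's trusted-CA store
  openssl verify -CAfile "$1" "$work/leaf.pem" >/dev/null 2>&1
}

make_ca inspect "Demo-Inspection-CA"  # CA set in the inspection profile
make_ca public  "Demo-Public-Root"    # stands in for the client's existing roots
resign_leaf zoom.example.test inspect

client_trusts "$work/public.pem" && echo "before import: trusted" || echo "before import: NOT trusted"
cat "$work/public.pem" "$work/inspect.pem" > "$work/store.pem"
client_trusts "$work/store.pem" && echo "after import: trusted" || echo "after import: NOT trusted"
openssl x509 -in "$work/leaf.pem" -noout -subject -issuer
```

The last command prints the issuer of the re-signed certificate, which is the field to compare against the CA actually installed on the endpoint when a client still shows a certificate error.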
saneeshpv_FTNT

Hi Ankit,

A quick update here,

A CSB has been published for this issue.
https://support.fortinet.com/Information/Bulletin.aspx

Customer Support Bulletin CSB-230629-1

Regards

Ankit1
New Contributor

Hi All,

Thanks for the support. The issue got resolved now :)

Stephan3tha
New Contributor

To block the Zoom application on your computer, you can utilize application control or blocking features available in certain security software or parental control tools. The specific steps may vary depending on the software you are using, but here is a general guide to help you through the process. First, identify the software or tool you are using for application control or blocking. It could be a third-party security software or built-in parental control settings on your operating system. Open the software or access the settings panel where you can configure application control or blocking.

Next, look for an option that allows you to add or block specific applications. This feature might be labeled as "Application Control," "Program Blocking," or something similar. Locate this option within the software's interface. 

Dan_Eng52
Contributor

Hi Ankit1,

I hope you're well.

You want to download the Fortinet_CA_SSL and install this on the endpoint, not the Fortinet_CA_Untrusted you previously tried. I would clear the SSL cache on the device and then install that certificate, and that will do the trick and resolve the certificate error.

Regards,

Dan.
