Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Ankit1
New Contributor

Created on ‎06-28-2023 12:03 AM

Application control block zoom app

Hi All,

We have Fortigate 100D model with 6.2.15 version, recently we are facing issue with zoom app while accessing it and getting the below error.

 
 

zoom_error.png

 

We have validate the certificate on fortinet, its not expired and valid as well. Tried to download the certificate which are we using security profile as 'certificate inspection' in policy and inspection mode is set to proxy mode and added this certificate to the browser as well but no luck. When we changed inspection mode to flow based it started working as expected. But we want it should work on proxy mode with security profile as "certificate inspection'.

Could you please provide the solution?

Labels:
2953
0 Kudos
14 REPLIES 14
sw2090
SuperUser
SuperUser

Created on ‎07-03-2023 01:31 AM

yes it needs to be installed into the certificate space "trusted certificate authorities" on your client(s).

Once this is achieved the browsers will trust that certificate because they will trust the CA.

That is because of basic functionallity of ssl deep inspection:

DPI is a man-in-the-middle thingy. The FGT will have to decrypt the encrypted https/ssl traffic to be able to inspect it with its filters. Afterwards it will have to re-encrypt it since the client expects encrypted traffic. Since it cannot do re-encryption using the original certificate - because it doesn't have the private key - it will use the CA you set in Deep Inspection Profile to create and sign a new certificate that has the original DN/SAN in it and use that to re-encrypt the traffic. Then if you haven't installed the CA as trusted CA the browswer on the client will not trust this certifcate for it is not signed by a trusted CA.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
696
0 Kudos
saneeshpv_FTNT
Staff
Staff

Created on ‎07-03-2023 05:27 AM

Hi Ankit,

 

A Quick update here,

 

CSB has been published for this issue. 
https://support.fortinet.com/Information/Bulletin.aspx
 
Customer Support Bulletin CSB-230629-1

 

Regards

689
0 Kudos
Ankit1
New Contributor

Created on ‎07-03-2023 05:53 AM

Hi All,

Thanks for supporting. The got resolved now:)

686
0 Kudos
Stephan3tha
New Contributor

Created on ‎07-03-2023 07:25 AM Edited on ‎07-04-2023 04:19 AM

To block the Zoom application on your computer, you can utilize application control or blocking features available in certain security software or parental control tools. The specific steps may vary depending on the software you are using, but here is a general guide to help you through the process. First, identify the software or tool you are using for application control or blocking. It could be a third-party security software or built-in parental control settings on your operating system. Open the software or access the settings panel where you can configure application control or blocking.

Next, look for an option that allows you to add or block specific applications. This feature might be labeled as "Application Control," "Program Blocking," or something similar. Locate this option within the software's interface. 

679
0 Kudos
Dan_Eng52
Contributor

Created on ‎07-10-2023 03:17 AM

Hi Ankit1, 

 

I hope you're well. 

 

You want to download the Fortinet_CA_SSL and install this on the endpoint not the Fortinet_CA_Untrusted you previously tried. I would clear the SSL cache on the device and then install that certificate and that will do the trick and resolve the certificate error

 

Regards, 

Dan. 

 

 

645
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.