Hello everybody, I recently posted a similar question about Forticlient EMS deep inspection. I'm posting a new one adding some (I hope) useful informations.

A client is working from home and is using Forticlient.

On the Forticlient EMS, web filtering is enabled with deep inspection. In this kind of scenario, Fortigate is not involved in any way.

Some sites are giving problems.

For example, a particular site, onesignal.com, when deep inspection is enabled, is blocking the client:

Nothing but a generic error about my IP address. If deep inspection is disabled, everything works fine, so I think deep inspection is causing the issue.

I also believe that the problem is not Forticlient itself, but how different authenticator providers are reacting (above is an example, but sometimes cloudflare gives the same problem, signaling my IP as suspect).

I tried to exclude the site from web filtering, but I think that deep inspection comes before filtering, so the issue remains.

On the EMS, to re-encrypt the traffic, I'm using the certificate I imported from Fortigate:

Is there any way to resolve the issue? Should we wait for some update? I read something about TLS 1.3 ECH, but that guides are about Fortigate, not Forticlient.

Do you have any idea? Do you think the problem is caused by the TLS 1.3 Encrypted Client Hello? Is there something else?

Thanks for your support