Netadmin-Japfa
New Contributor III

FORTIGATE-AWS GWLB having an issue with HTTPS SSL blocking with probe cert failed

Dear All, 

 

We want to implement FORTIGATE-AWS GWLB.

These are our references:

https://aws.amazon.com/blogs/apn/centralized-traffic-inspection-with-gateway-load-balancer-on-aws/

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/e129c4eb-867b-11eb-9995-005056...

 

But we are having an issue with HTTPS SSL blocking with probe cert failed, for both IN and OUT HTTPS traffic to/from the Internet.

The issue will happen when:

1. If the policy uses flow-based mode, UTM with AV + IPS + SSL inspection, the traffic is not blocked by SSL.

2. If the policy uses proxy-based mode, UTM with AV + IPS + SSL inspection, the traffic is blocked by SSL.

3. If the policy uses proxy-based mode, UTM with SSL inspection only (no AV, no IPS), the traffic is blocked by SSL.

 

We are already using cert-probe-failed ALLOW,

according to this reference:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-allow-HTTPS-port-443-traffic-when/t...

 

Now it is not blocking SSL, but..... the HTTPS traffic IN and OUT, from/to the Internet, is slow / not like normal traffic behaviour when we test using curl from an EC2 Amazon Linux instance.

 

 

Has anyone had the same issue?

How to resolve this?
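One way to tell "blocked by SSL inspection" apart from "just slow" on the curl test described above, as an added example that is not part of the original post: it records curl's per-phase timings from the EC2 instance and classifies a single result line. The URL, the 1-second thresholds and the verdict names are assumptions for this example.

```shell
#!/bin/sh
# Added diagnostic (not from the thread): measure the phases of one HTTPS
# request with curl so a slow TLS handshake (proxy/inspection overhead) can be
# told apart from a reset connection, an untrusted chain, or a slow origin.
# Thresholds and verdict names are assumptions for this example.

# Print one line: http_code connect appconnect starttransfer total ssl_verify
# Usage: tls_timing https://example.com/   (the URL is a placeholder)
tls_timing() {
  curl -sS -o /dev/null --max-time 30 \
    -w '%{http_code} %{time_connect} %{time_appconnect} %{time_starttransfer} %{time_total} %{ssl_verify_result}\n' \
    "$1"
}

# Classify one tls_timing line. Run it with the SSL inspection profile off
# and on, and compare the verdicts for the same URL.
classify_timing() {
  # shellcheck disable=SC2086  # split the line into positional fields
  set -- $1
  code=$1; connect=$2; appconnect=$3; start=$4; verify=$6
  if [ "$verify" != "0" ]; then
    echo cert_verify_failed       # client does not trust the presented chain
  elif [ "$code" = "000" ]; then
    echo blocked_or_reset         # no HTTP response at all
  elif awk -v a="$appconnect" -v c="$connect" 'BEGIN{exit !(a-c > 1.0)}'; then
    echo slow_tls_handshake       # TCP fast, TLS slow: inspection/probe delay
  elif awk -v s="$start" -v a="$appconnect" 'BEGIN{exit !(s-a > 1.0)}'; then
    echo slow_server_response     # TLS fine, first byte slow
  else
    echo normal
  fi
}

# Example run on the EC2 instance (uncomment and set a real URL):
# classify_timing "$(tls_timing https://example.com/)"
```

A verdict of cert_verify_failed on a client that should trust the inspection CA points at the certificate chain rather than at throughput, while slow_tls_handshake that appears only with the proxy-mode profile localises the delay to the inspection path.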

2 REPLIES
Netadmin-Japfa
New Contributor III

This is what happens when using

a policy in proxy-based mode, UTM with AV + IPS + SSL inspection, where the traffic is blocked by SSL

 

at VPC A, on EC2

(attachment: ssm.jpg)

Netadmin-Japfa
New Contributor III

Can anyone help? Please...
