Dear All,
We want to implement FORTIGATE-AWS GWLB.
This is our reference.
https://aws.amazon.com/blogs/apn/centralized-traffic-inspection-with-gateway-load-balancer-on-aws/
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/e129c4eb-867b-11eb-9995-005056...
But we having issue with https ssl blocking with probe cert failed both IN dan OUT https traffic to/from Internet.
The issue will happen when:
1. if policy using flow based mode, utm av+ips+ssl-inpsection, the traffic not block by ssl
2. if policy using proxy based mode, utm with av+ips+ssl-inpsection, the traffic block by ssl
3. if policy using proxy based mode, utm with ssl-inspection only (no av, no ips), tthe traffic block by ssl
Already using cert-probe-failed ALLOW
According to this reference
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-allow-HTTPS-port-443-traffic-when/t...
Now not blocking SSL, But..... the traffic IN and OUT , from / to INTERNET for https, is slow / not like normal behavior traffic if we test using curl from ec2 amazon Linux.
Did anyone having same issue?
How to resolve this?
