Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dlarson
New Contributor II

Created on ‎04-22-2024 09:57 AM

FortiGate SSL Inspection suddenly breaking applications.

Hello!

 

Starting today, we're seeing multiple issues with the SSL DPI breaking quite a few applications in the org, that were working fine as of last week.

 

I'm having trouble locating any logs or details as to what or why this is occurring. 

 

Some examples are.

  • Printix Printing fails entirely
  • Slack - Pasting images fails
  • Zoom - Fails to connect to meetings

And other applications, such as browser add ons and such.

Disable SSL DPI fixes the issue immediately.

 

Logs are empty

Cert is still valid

Disable security controls individually does nothing

 

 

Does anyone have any thoughts, or some additional troubleshooting methods I can take?

Labels:
7287
13 REPLIES 13
AndreLo
New Contributor

Created on ‎04-22-2024 11:45 AM

We have here the same problem!!! 100F 7.0.14, today updated to 7.0.15 - problem persists!

We had to change the inspectionmode to flow-based and work only with certificate inspection!

5066
0 Kudos
dlarson
New Contributor II
In response to AndreLo

Created on ‎04-22-2024 03:06 PM

I by default have inspection mode set to Flow based. It seemed to logically be the better choice when reading documentation. We too are on cert inspection only at this point till the issue is resolved.

5033
0 Kudos
Shashwati
Staff
Staff

Created on ‎04-22-2024 12:14 PM

Are you using Proxy based mode on Firewall policy. Please check that Forti guard server is reachable from the Firewall properly

5060
dlarson
New Contributor II
In response to Shashwati

Created on ‎04-22-2024 03:09 PM

Flow-based mode. 

Fortiguard is reachable, and filtering services availability is up before & after test connection. 

5031
0 Kudos
AEK
SuperUser
SuperUser

Created on ‎04-22-2024 12:44 PM

Hi

What is the result if you enable DPI and allow all applications?

AEK
AEK
5053
dlarson
New Contributor II
In response to AEK

Created on ‎04-22-2024 03:10 PM

Any form of DPI enabled breaks. For example. DPI & AV (with applications feature being turned off).

5029
0 Kudos
AndreLo
New Contributor

Created on ‎04-23-2024 01:15 AM

Hi,

we also have this problem with some users who use the explicit proxy. Naturally, this cannot be switched to flow mode. Disabling certificate inspection alone does not help. Disabling all NGFW features (antivirus, WAF etc.) does not help either! So - No workaround for this users! FW: 100F with 7.0.15, Location Germany

4937
0 Kudos
hbac
Staff
Staff

Created on ‎04-23-2024 07:41 AM

Hi @dlarson,

 

Have you checked SSL Security Event logs? 

 

Regards,

4908
0 Kudos
dlarson
New Contributor II
In response to hbac

Created on ‎04-23-2024 10:54 AM

Yeah, no luck there. No indication of any issues. 

4887
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.