Hi all,
Generally new with Fortigate and its products. I feel like I have EMS handled well but now with fortianalyzer its a whole new field. In our logs we are getting absolutely spammed with "Server certificate is re-signed as untrusted, certificate-status: untrusted with reason: {} " notifications after I allowed our EDM (bitdefender) to enable a policy to use TLS 1.2.
I am unsure how to resolve this issue and I am not even sure IF I should resolve it or edit the analyzer to ignore this. I can see how to revert the encryption support policy on local gp editor but cant find it on the global gpo on our domain controller, not exactly sure how our bitdefender is doing it for all devices but that is something I will be looking into shortly.
My question is: Should I find a way to re-disable the TLS encryption on all devices to stop this error from showing up in our logs? or should I disable the error or mark it as false positive? I cant find out much detail on fortianalyzer from the error in the log but according to the email it sends, it seems like bing.com is the only site thats mentioned in these errors.
Thank you,
#Fortianalyzer
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello IT_N00b,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello,
We are still looking for an answer to your question.
We will come back to you ASAP.
Thanks,
Hello IT_N00b,
I discussed this with an engineer and it appears that there is no documentation that can help you.
The best would be to ask assistance here: https://www.fortinet.com/support/contact
I hope your issue will be fixed soon and let us know if you find a solution meanwhile.
Regards,
Hi @IT_N00b
This is a Fortigate issue and not a FAZ issue, the Fortianalyzer displays the logs that are coming from the Fortigate.
When the Untrusted SSL certificate setting is set to Allow and Fortigate detects an untrusted SSL
certificate, Fortigate generates a temporary certificate signed by the built-in Fortinet_CA_Untrusted
Certificate. Fortigate then sends the temporary certificate to the browser, which presents a warning
to the user indicating that the site is untrusted. If Fortigate receives a trusted SSL certificate, then
it generates a temporary certificate signed by the built-in Fortinet_CA_SSL and sends it to the browser.
If the browser trusts the Fortinet_CA_SSL certificate, the browser will complete the SSL handshake.
This is expected behaviour.
you can test that by:
- disable all UTM features on the Policy, the issue should disappear.
- change the policy to flow based and modify the UTM features accordingly, the issue should disappear.
If you have any furthur questions on this issue, kindly contact Fortigate support for assistance.
Thank You!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1634 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.