Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AMSIT
New Contributor

Forticlient VPN webfilter problem - Chrome

I'm having an odd issue with the forticlient web filtering. For some reason it suddenly has broken all https on Chrome. Seems to be ok on Edge and Firefox. I've uninstalled and reinstalled it a few times but it doesnt seem to help.  With the vpn client uninstalled Chrome works fine so it appears to be to do with the web filter extension?

 

Current version in use is 7.0.9.0493 Extension shows as version 7.2.3.929 (web filter)

 

Error is just:

This site can’t be reached

login.microsoftonline.com took too long to respond.

Try:

ERR_TIMED_OUT

 

13 REPLIES 13
vmiro
New Contributor

Hi, I have exactly the same issue on three locations but for the users on local network. They can't access some https websites (Facebook, Instagram...) with Chrome. On FF and Edge it works with no problem.

We are using webfilter and deep SSL inspection.

As far as I can see Chrome had an update yesterday.

AMSIT
New Contributor

yep and Chrome updated again today.  I am starting to think its the webfilter plugin thats the problem.

LarsF
New Contributor

Problem is with the inspection and webfiltering in combination to latest chrome browser version Versie 122.0.6261.70 (Officiële build) (64-bits). We see it together with forti os 6 as 7. All other browsers don't have the issue. We use different browser like edge atm at workaround. Other fix is to temporary overrule /whitelist the website like facebook or whatsapp / instagram in the webfilter. 

i have made ticket about it to have a proper fix for this issue. Still waiting on reply from Fortinet support

vmiro
New Contributor

We tried disabling webfilter on the policy but the problem persisted. Then, we disabled a deep SSL inspection with webfilter enabled, and we got Chrome working...but, that is not the solution...

LarsF
New Contributor

It seems the SSL inspection is indeed the problem but disable it is indeed not a good solution as it effects to much. For now i suggest if people need to acces the META websites to use temporay a different browser till its fixed. That way there is no need to adjust the config of the fortigate.

vmiro

We tried with that, still doesn't work :(

llewesc1
New Contributor II

We're seeing the same behaviour, our internet browsing policy is blocking some sites (e.g. Instagram, Facebook) when users are in Chrome, but not while using Edge. The sites should be allowed as they are not blocked. This is on a FortiGate 600E with 7.4.3, we are not using the FortiClient. Chrome appears to be the browser affected. Edge works regardless. If we change "Full SSL Inspection" to SSL Certificate Inspection" within the SSL Inspection security profile it works fine. Also, with Full Inspection enabled, if we change the policy from Proxy-based to Flow-based it works. Reviewing the security logs, Edge seems to use the urlmonitor and passes, whereas Chrome hits the webfilter and fails due to a "warning" level (unknown-ce). We have engaged support.

vmiro
New Contributor

Solved by adding an exempt to deep inspection profile:

*facebook.com
*fbcdn.net
*instagram.com

llewesc1
New Contributor II

Adding exemptions is a workaround. The issue appears to be related to Meta and specifically Zstandard (ZSTD - https://facebook.github.io/zstd/). I'm not sure if FortiOS supports ZSTD yet and I am waiting to hear back from TAC on what they think the issue might be; however, I did find by adding a registry key in Windows to disable ZSTD in Chrome (https://chromeenterprise.google/intl/en_ca/policies/#ZstdContentEncodingEnabled), it allows us to get to the sites now, but again, this is a workaround. In the end I am looking for a root cause and proper fix, not workarounds, I will keep all posted with what TAC comes back with.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors