- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortigate as Web-Proxy
Hi guys,
today i setup web proxy feature on my fortigate, and its working as expected. i cannot browsing to internet without setting my browser proxy. but i found a problem when i open my outlook, which is everytime i open my outlook a certificate prompt always shows up and even i have install the certificate the certificate prompt keeps pop ups when i re-open the outlook, but when i disable proxy setting on control panel i can open outlook without any problem. is this problem comes from the fortigate or not ? need advice
thanks and best regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What kind of mail provider is behind the outlook mailbox? Exchange or an external provider?
Are you using a deep inspection SSL inspection profile?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi gschmitt thanks for the fast respone,
im using exchange and yes i also using deep inspection SSL profile
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
blackmail88 wrote:hi gschmitt thanks for the fast respone,
im using exchange and yes i also using deep inspection SSL profile
When using SSL deep inspection you need to import the CA certificate of the FortiGate onto your client PC's.
To download the CA certificate you might need to add it to the GUI first.
Go to system -> config -> Features and turn on certificates
Go to system -> certificates and download the CA certificate.
Import it as a trusted root certificate on your client (google for instructions since it is different per OS and device)
NOTE: You might want to create a custom CA certificate to do do deep inspection since you are not sure if you can trust the pre installed one ;)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
How do you configure your browser (wpad, proxy.pac or GPO) ?
Your exchange is in your LAN network ? if yes, you need to specify that destination traffic within the local network don't pass through your proxy.
Lucas