- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Google Chrome Kyber Issues
Hello guys!
I am facing serious problems with Google Chrome Kyber. Specifically on 40F series. I have a couple of firewalls on 3 different versions (7.4.3, 7.4.4 and 7.4.5). Each of them has issues but with different behavior:
Google Kyber Issues
Slowness to open websites or pages that won´t load.
7.4.3 - Google Kyber problem
Which feature is impacting? Web Filter
Solutions:
1. Disable Web filter
2. disable Google Chrome Kyber
3. Adjust tcp-mss-sender and receiver to 1450 in the policy
7.4.4 - Google Kyber problem
Which feature is impacting? Application Control
Solution:
1. Disable Application Control
2. Disable Google Chrome Kyber
Adjusting tcp-mss-sender/receiver doesn´t work
7.4.5 - Google Kyber problem
Which feature is impacting? Application Control
Solution:
1. Disable Application Control
Disabling Google Chrome Kyber doesn´t work
Adjusting tcp-mss-sender/receiver doesn´t work
I am migrating a lot of customers from other vendor to Fortigate with Fortimanager and trying to follow a default firmware version to use to all my customers.
I´m start to think that 7.4 fortiOS isn´t a good idea and I´m a little bit worried about it.
Anyone has these kind of problems?
Maybe it´s worth downgrade to 7.2 version?
Thanks!
Mantovani
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I believe the problem may be related to the Kyber Support implemented in Chrome for TLS 1.3. Review the Chrome flags to verify the configuration. You can do this by navigating to "chrome://flags/#enable-tls13-kyber.".
Try disabling that option and see if the issue is resolved.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi please refer to this article below and also make sure your IPS version is updated
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Web-pages-not-loading-or-taking-too-...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for the replies. I know the problem is in the Kyber. I don´t wanna to setup a GPO to disable this feature.
As I told you, on version 7.4.3 I can solve this problem adjusting the tcp-mss-sender/receiver and works fine, but in version 7.4.4 and 7.4.5 it didn´t work.