Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
raffaeledp
Contributor

Created on ‎10-10-2025 06:05 AM

Is the Forticlient deep inspection a problem?

Hello guys,

I'm working on a Forticlient EMS system.

In the last year I noticed that some sites deny the user access.

I explain myself:

 

23a71052758068537ef946c72328e9e5bfe5aaa7.jpeg

sometimes the cloudflare captcha denies (the image above is just an example from internet) the user access to the websites (ChatGpt is one of them).

Now, the same is appening with the onesignal.com site:

Screenshot 2025-10-10 alle 15.00.00.png

on the EMS I have a web filtering profile with deep inspection enabled:

Screenshot 2025-10-10 alle 15.02.02.png

now, If I am not mistaken, the deep inspection makes forticlient decrypting and re-encrypting the traffic with its own certificate. I believe that this is causing the issue, but please correct me if I'm wrong.

I also added the onesignal.com site to the exemption from the web filtering, but the issue is the same.

Is anybody of you experiencing the sam issue? Any idea to solve it?

Thank you for your support.

 

RDP
RDP
Labels:
105
0 Kudos
4 REPLIES 4
funkylicious
SuperUser
SuperUser

Created on ‎10-10-2025 11:22 AM

check https://docs.fortinet.com/document/fortigate/7.0.0/new-features/989515/allow-deep-inspection-certifi... 

"jack of all trades, master of none"
"jack of all trades, master of none"
84
0 Kudos
raffaeledp
Contributor
In response to funkylicious

Created on ‎10-11-2025 11:51 PM Edited on ‎10-12-2025 12:02 AM

Hello, thanks for your reply. I checked the guide steps, and I already have the Fortigate certificate installed on the EMS.

 maybe I am missing the point. The clients are outside the Fortigate network, they're working from home, so Fortigate should not be involved in this situation, because the only system involved should be Forticlient. What am I missing?

RDP
RDP
22
0 Kudos
sukaltu01
New Contributor

Created on ‎10-11-2025 07:17 AM

With so many and clear information I'm going to assume it is with cloud flare sites and then it likely is because of them changing ECH lately. try excluding cloudflare-ech.com from ssl inspection

47
raffaeledp
Contributor
In response to sukaltu01

Created on ‎10-11-2025 11:52 PM

Hello, thanks for your reply. I could disable the deep inspection, but not for just one site. I could disable it for all the sites.

RDP
RDP
20
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.