Hello,
I hope this message finds you well.
Below is the detailed information regarding the issue we are experiencing with our Fortigate 6300F with FortiOS 7.2:
We are using a Fortigate 6300F configured as an explicit proxy. The Fortigate restricts access to certain categories, such as Instant Messaging (e.g., https://zoom.com). When a user attempts to access these restricted categories, a warning page is displayed. The Fortigate generates a certificate signed by a custom CA certificate that we uploaded (not the default one).
However, after the user proceeds past the warning page and is redirected (e.g., to https://zoom.com:8010), the Fortigate uses the default certificate instead of the custom CA certificate.
Please note that we have cloned all the default SSL inspection profiles and configured them to use our generated self-signed CA certificate. We are only using the certificate inspection profile, not full inspection.
We would like to ensure that the Fortigate always uses the custom CA certificate for all connections, including those that are redirected after warnings.
Thank you for your assistance.
Best regards,
Jesús Ángel
Are you able to confirm the SSL profile is configured as per https://community.fortinet.com/t5/FortiGate/How-to-use-custom-certificate-for-FortiGate-Block-pages/...