Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Anxious
New Contributor

Limited Network

Hello,

Issue: Limited Network message for network connection on android devices

I have about 60 Smart-boards (Android OS) which half of them are connected through cable and the other half through wireless to my network, when I try to apply firewall policy with SSL deep inspection over their traffic to the internet, these smart-boards show a warning message that "Some apps and services may not work due to limited connectivity. Use anyway?" then I have to confirm it so that it gets connected, and this message appears constantly which it creates problem for me.

It can be solved if I add a category exemption in SSL Profile for "Search engines and Portals" but this not a good solution since I need to have more control over filtering.

On PCs with windows 11 I do not get that message.

 

1- I need to choose yes1- I need to choose yes2- The result2- The result

 

I already installed the Certificate on all of this smart-boards as "Installed for VPN and apps" and also for "Installed for Wi-Fi". I installed for both of them.

But the result is the same.

 

 

I would appreciate your help.

Thanks.

4 REPLIES 4
kumarh
Staff
Staff

What is the firmware version on Fortigate? Are you connecting with Forticlient ssl-vpn? If yes, are you using EMS or free version?

Anxious
New Contributor

Hi,

The FortiOS version is 7.4.3

I have configured SSL-VPN tunnel on the firewall and I use fortiClient to get connected to the network. But I establish the VPN connection sometimes not always.

and for the remaining of your question I have the below screenshot:

 

Core Network Security Connectors 1.png

amrit
Staff
Staff

Please check this similar discussion forum and take pcap on Android devices to identify the certificate used by the problematic applications. applications. https://community.fortinet.com/t5/Support-Forum/SSL-Deep-Inspection-create-Internet-issue-for-Smartp...rue

 

You may need to exempt a few apps from deep inspection due to certificate pinning,  please refer to this  forum post: https://community.fortinet.com/t5/Support-Forum/Google-Play-Store-Not-Working/m-p/90114?m=170981

Amritpal Singh
AEK
SuperUser
SuperUser

Hi Anxious

Some applications use HSTS, refusing deep inspection (MITM) even if you install the required CA on the clients so they trust your FG. It is probably your case. You just need to check if your applications are HSTS.

AEK
AEK
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors