- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: SSL Deep Inspection - Google Chrome
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SSL Deep Inspection - Google Chrome
Hi, is anyone else having a problem doing deep inspection using Google Chrome?
Google Chrome version: 119.0.6045.160 (Versão oficial) 64 bits
Fortigate 200F, 7.4.1.
config sys global
set admin-https-ssl-versions tlsv1-2 tlsv1-3
google same policy/ssl profile from prints below.
same policy ID from above - EGDE
same policy ID from abobe - firefox
SSL Profile:
Do you guys have some advices?
TY
Solved! Go to Solution.
Labels:
- Labels:
-
FortiGate
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
- I suspect the issue is seen due to Kyber Support introduced by chrome for TLS1.3 version.
- Check the chrome flags the configuration of the same. You can use "chrome://flags/#enable-tls13-kyber" check the configuration in chrome.
- Try to disable the option and check if the issue gets fixed. If yes then we can confirm the issue matches to a reported issue for which fixes will be coming soon.
Regards,
Shiva
- « Previous
-
- 1
- 2
- Next »
16 REPLIES 16
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've configured the SSL/TLS settings to include versions tlsv1-2 and tlsv1-3. However, users on Google Chrome version 119.0.6045.160 (Official Build) 64-bit are reporting issues with deep inspection functionality. Despite updating the browser and ensuring compatibility with the specified TLS versions, some users are experiencing jet skiing intermittent disruptions in accessing secure websites.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hardware 401F (Firmware 7.4.3), If web filter is turn on, Chrome cannot access website. Disable TLS 1.3 hybridized Kyber, problem is resolved. When Fortinet fix this issue?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm also having a hard time turning off Kyber for each computer. Our company has more than 100 pc
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It seems like you're encountering issues with SSL Deep Inspection while using Google Chrome, specifically with Fortigate 200F version 7.4.1. Here are some suggestions and advice that might help:
Check Chrome Security Settings: Ensure that Google Chrome's security settings are configured to allow SSL Deep Inspection. Sometimes, browser settings can interfere with SSL inspection processes.
Verify SSL Profile Configuration: Double-check the SSL profile settings on your Fortigate device to ensure they are correctly configured for SSL Deep Inspection. Pay attention to any specific settings related to TLS versions and encryption algorithms.
Review Policy Configuration: Review the policy configuration on Fortigate for SSL Deep Inspection, especially for the domains experiencing issues (e.g., google.com). Make sure the policy is correctly applied and includes the necessary SSL inspection rules.
Check for Known Issues: Look for any known issues or compatibility issues between Fortigate, Google Chrome, and SSL Deep Inspection. Check vendor documentation, forums, or support channels for any reported issues and possible solutions.
Update Fortigate Firmware: Ensure that your Fortigate device is running the latest firmware version. Sometimes, firmware updates include bug fixes and improvements that can resolve compatibility issues with browsers like Google Chrome.
Test with Different Browsers: Try accessing the same websites using different web browsers like Mozilla Firefox or Microsoft Edge to see if the issue persists. This can help determine if the problem is specific to Google Chrome or if it's a broader issue with SSL Deep Inspection.
Contact Fortigate Support: If you're still experiencing issues after trying the above steps, consider reaching out to Fortigate support for further assistance. They may be able to provide specific troubleshooting steps or guidance based on your configuration and environment.
By following these steps and seeking assistance from support resources, you can hopefully resolve the issues you're encountering with SSL Deep Inspection in Google Chrome.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
stop using chatgpt
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We're having the same issue.
Only solution was to disable TLS1.3 kyber support on chromium based browsers or disable ssl-inspection (Which would be stupid since that's one of the security measures of the product).
After inspecting the issue further we discovered that we were having fragmentation issues with this kind of tls handshake, check this out. https://community.fortinet.com/t5/Support-Forum/Fortigates-with-PPPoE-WAN-suddenly-need-TCP-MSS-1452...
Seems that the only way to keep SSL INSPECTION and TLS 1.3 kyber support in browsers is to set the tcp-mss value to the correct size. Since we're using PPPoE ours is 1452, yours might be different. Once the tcp-mss is set, everything works... or does it?
Which surprises me is that fortigate hasn't said anything about it...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why doesn't fortinet have an update to fix this problem? I also encountered an error of not being able to load SD-WAN rules with firmware 7.4.3
- « Previous
-
- 1
- 2
- Next »
Related Posts
- Setting SSL/SSH inspection profile causes most... 306 Views
- ERR_EMPTY_RESPONSE only using Google Chrome accessing... 4595 Views
- FortiGate dailymotion block about 362 Views
- How to allow recaptcha without google... 635 Views
- vm IMAGE 582 Views
Labels
-
FortiGate
6,738 -
FortiClient
1,341 -
5.2
801 -
5.4
639 -
FortiManager
580 -
FortiAnalyzer
425 -
6.0
416 -
5.6
362 -
FortiSwitch
345 -
FortiAP
344 -
FortiClient EMS
274 -
FortiMail
262 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
160 -
6.4
128 -
FortiNAC
110 -
FortiGuard
108 -
FortiSIEM
92 -
FortiGateCloud
88 -
FortiCloud Products
85 -
IPsec
83 -
FortiToken
73 -
Customer Service
70 -
SSL-VPN
68 -
4.0MR3
64 -
Wireless Controller
62 -
FortiProxy
47 -
FortiADC
44 -
FortiEDR
41 -
Fortivoice
41 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
33 -
FortiSandbox
32 -
SD-WAN
31 -
FortiSwitch v6.4
30 -
Firewall policy
30 -
High Availability
24 -
FortiConnect
24 -
FortiAuthenticator
22 -
VLAN
22 -
FortiWAN
22 -
FortiConverter
21 -
ZTNA
20 -
FortiPortal
18 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
Certificate
16 -
FortiMonitor
14 -
SAML
14 -
Interface
14 -
Logging
14 -
BGP
13 -
DNS
13 -
FortiGate v5.0
13 -
FortiDDoS
13 -
LDAP
12 -
Routing
12 -
FortiCASB
12 -
VDOM
12 -
fortilink
11 -
RADIUS
10 -
Virtual IP
10 -
FortiRecorder
10 -
FortiWeb v5.0
9 -
Authentication
9 -
SSL SSH inspection
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
SSID
8 -
Traffic shaping
8 -
SSO
8 -
Application control
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
Fortigate Cloud
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
FortiBridge
6 -
SNMP
6 -
Web profile
6 -
Proxy policy
5 -
Traffic shaping policy
5 -
FortiAP profile
5 -
Web application firewall profile
5 -
FortiTester
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
IPS signature
4 -
Packet capture
4 -
Antivirus profile
4 -
Automation
4 -
WAN optimization
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Port policy
4 -
FortiToken Cloud
3 -
DoS policy
3 -
Email filter profile
3 -
Web rating
3 -
Intrusion prevention
3 -
FortiDB
3 -
trunk
3 -
FortiDeceptor
2 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Fortinet Engage Partner Program
2 -
Users
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Protocol option
2 -
4.0MR1
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
Fabric connector
1 -
Multicast routing
1 -
Explicit proxy
1 -
Zone
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.