Hello Everyone
I am using a FortiGate 60F firewall and I have enabled SSL deep packet inspection. I have installed the certificate on almost all devices; however, smartphone devices are giving internet access issues as soon as I activate any security profile such as antivirus, IPS, etc.
I even installed the certificate on mobile devices, but it is still an issue.
Hi Burhan,
Deep inspection (DPI) is generally difficult with unmanaged clients, as BYOD devices and smartphones often are.
You may be able to check with an Android app "pcapdroid" to create a packet capture per app when you get this displayed. It could be that your FortiGate is not sending the intermediate CA certificate that you might have/need and the client needs this.
To verify a certificate the client will also need to complete a chain of certificates.
Server certificate > intermediate certificate(s) > Root CA
A pcap will show this easier (if the TLS version is 1.2 or lower).
A quick idea: if you have the intermediate, install it on the FortiGate certificate/CA store and FortiGate should automatically send it.
I have seen Androids causing trouble with this, but there is a good chance I might not have done it right in the past.
Best regards,
Markus
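The chain requirement from the reply above, as an added example that is not part of the original thread or any Fortinet tooling: a constructed lab PKI (the names "Lab root", "Lab int", "Lab leaf" and app.example.test are made up) in which the client trusts only the root. The server certificate is verified once on its own and once with the intermediate supplied, as the server or inspecting device would send it in the handshake. It assumes the `openssl` CLI is installed.

```bash
#!/usr/bin/env bash
# Added example: constructed lab PKI (root -> intermediate -> server).
# All names and file paths are made up; nothing is taken from a FortiGate.
set -eu

build_lab_pki() {                      # $1 = empty working directory
  local d=$1 n
  printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$d/req.cnf"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:app.example.test\n' > "$d/leaf.ext"
  for n in root int leaf; do           # one key and CSR per certificate
    openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" \
      -subj "/CN=Lab $n" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
  done
  # Root CA (self-signed): the only certificate installed on the client.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 30 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null
  # Intermediate CA, signed by the root.
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -days 30 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null
  # Server certificate, signed by the intermediate.
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -set_serial 3 -days 30 -extfile "$d/leaf.ext" -out "$d/leaf.pem" 2>/dev/null
}

# Client-side check: $1 = trusted root, $2 = server certificate,
# $3 = optional intermediate(s) received from the server in the handshake.
client_verifies() {
  if [ $# -ge 3 ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

demo() {
  local d; d=$(mktemp -d)
  build_lab_pki "$d"
  if client_verifies "$d/root.pem" "$d/leaf.pem"; then echo "server cert only: trusted"
  else echo "server cert only: REJECTED (issuer not found)"; fi
  if client_verifies "$d/root.pem" "$d/leaf.pem" "$d/int.pem"; then echo "with intermediate: trusted"
  else echo "with intermediate: REJECTED"; fi
  rm -rf "$d"
}
demo
```

Against a live connection, `openssl s_client -connect host:443 -showcerts` lists the certificates the client actually receives, which can be compared with the chain the client needs.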
Thanks Markus_M for your response.
I have installed only Fortinet_CA_SSL Certificate on all my devices, which I have downloaded from SSL/SSH Inspection Profile as shown in attached image.
The same certificate I have installed on laptop and Desktop as well as Android devices.
Please tell me if I am wrong or if I have to download any other certificate from the Fortinet firewall.
Also, I will try with pcapdroid.
Hi Burhan,
Yes, that certificate is correct. It needs to be installed on the client's trusted root cert store.
What exact(!) error does your browser give you when you get warnings?
Best regards,
Markus
I installed the certificate in trusted root CA. The error shows on mobile devices as a popup saying that some apps will not work, and apps like LinkedIn and TikTok are not working even though there is no application blocked in the app profile.
What I have to do is create a rule to not inspect apps such as LinkedIn, TikTok and some others.
What exact error do you receive?
Best regards,
Markus
When I opened the app, it said "network anomalies, please check your internet connection".
These are the types of errors we are receiving.
Hello,
the problem is that some applications (such as Binance, etc.) do not use a central certificate store on the device, but use their own certificate. The only option is to create an SSL exception on FGT.
Jirka
Dear burhanafridi603,
Thank you for posting to the Fortinet Community Forum.
Problem Description:
SSL deep inspection creates internet issues for smartphones.
As per your description, you are facing an internet issue on smartphones if you enable deep inspection in the policy.
Please confirm whether you have installed the deep inspection certificate and its CA cert on the smartphones.
Are you facing the issue with Windows PCs in the same subnet?
Please share the policy configuration.
Also, can you share a snapshot of the error you are getting on your smartphones? Is the issue for all smartphones or only a few users?
Let us know if this helps.
Thanks
Copyright 2024 Fortinet, Inc. All Rights Reserved.