SSL Deep Inspection not working with Chrome and Edge browsers

dclabs · ‎03-25-2022

Hi All,

I've configured a policy with SSL Deep Inspection for my company and installed the Fortigate CA certificate on our devices in order to now be shown the certificate warning. However (on both mac and windows devices) when using Firefox it does seem to work correctly and the certificate shown by the browser is the Fortigate's, though when using either Chrome or Edge the certificates shown in the browser are the original webserver certificates, just as if the deep inspection policy didn't exist at all.

What am I missing?

San_SP · ‎11-30-2024

Disable 'Use ML-KEM in TLS 1.3' flag on chrome.

follow the below KB article.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Web-filter-is-not-blocking-websites-on-Goo...

this should fix the issues on chrome and edge.

Disable TLS 1.3 hybridized Kyber support on the Google Browser and/or Microsoft Edge:
For Google Browser: Navigate to chrome://flags/.
Search for TLS 1.3 hybridized Kyber support.
Set the action to Disable.

sjoshi · ‎12-01-2024

please refer:-

https://community.fortinet.com/t5/FortiGate/Technical-Tip-ERR-SSL-PROTOCOL-ERROR-when-using-Flow-bas...

Salon Raj Joshi
Fortinet Certified Expert (FCX) | #NSE8-003459

sw2090 · ‎12-01-2024

@San_SP: at least in FOS 7.2.x this issue is fixed via OTA Update of IPS Engine. Anyways this issue doesn't give you certificate errors but ssl protocol errors. So I don't think it is this issue.

--

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

SSL Deep Inspection not working with Chrome and Edge browsers

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website