I enabled my first SSL deep inspection for inbound SSL traffic. I set up a VIP (see config below). I am protecting Exchange 2010 OWA (aka webmail).
Since enabling this SSL protection, most Android clients still connect, but a small percentage of them stop syncing email after about 12 to 24 hours. If they reboot their phone, the issue is resolved for 12 to 24 hours. When syncing stops, the Android native email client shows a security warning and says there is a problem with the certificate. The Android log files show a common SSL error:
IOException javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
Samsung S4, Android 4.4.2 and 5.0.1 - not working
Android 4.4.4 - no issues
I wish I knew what was wrong. :(
set comment "SSL for Webmail"
set type server-load-balance
set extip x.x.x.150
set extintf "any"
set server-type https
set http-ip-header enable
set monitor "Ping-Mon"
set ldb-method first-alive
set extport 443
set ip x.x.x.149
set port 443
set max-connections 9000
set ssl-mode full
set ssl-certificate "webmail_exp2018"
set ssl-min-version tls-1.0
set ssl-client-renegotiation secure
FG200D 5.6.5 (HA) - primary
FWF50B's 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x
FAZ-VM 5.6.5 | Fortimail 5.3.11