Hello everyone
After a series of upgrades from FortiOS 5.6 to 7.4.8 on a FG101 cluster, I can't enable SSL Inspection anymore.
On every policy where I have SSL Inspection + (Web filter or Application control), web pages end up with an 'ERR_CONNECTION_RESET' in the browser and an SSL error is logged.
If I choose a 'non-inspection' profile, no issue.
If I disable 'Server certificate SNI check' in a non-working SSL profile, the error is gone too.
Any advice or experience?
Thank you
Aymeric
FortiOS enhanced its TLS support from 5.6 to 7.4, so the SNI check is probably the cause of the issue. Check the SSL logs for errors in SNI validation and take a look at the behavior when each of the actions is defined on the SSL inspection profile:
Copyright 2025 Fortinet, Inc. All Rights Reserved.