Jirka1
Contributor III

SSL inspection leads me to madness ...

Hello, are you experiencing a problem with detecting and viewing Cloud Apps in version 5.6.x (specifically 5.6.2)? We have deep SSL inspection set up, the Fortinet_CA_SSL certificate imported to all PCs, and an application control set (all applications monitoring). I tried lots of cloud applications (FB, Twitter, Dropbox, Instagram, Office365, Gmail and others). I then looked into FortiView -> Cloud App and there were only GoogleSearch and Dropbox, and instead of the email address in the CloudUser section there is only an IP address. What is wrong? On another box (v5.4.6) it looks fine (a few applications are not displayed there either, but not as many as on 5.6.2).

edit "__upg_deep-inspection"
        set comment "Deep inspection."
        config ssl
            set inspect-all deep-inspection
            set allow-invalid-server-cert enable
        end
        config https
        end
        config ftps
        end
        config imaps
        end
        config pop3s
        end
        config smtps
        end
        config ssh
            set ports 22
            set status disable
        end
        config ssl-exempt
            edit 1
                set type address
                set address "xxxxx"
            next
            edit 2
                set type address
                set address "xxxxx"
            next
            edit 3
                set type address
                set address "xxxxx"
            next
            edit 4
                set fortiguard-category 31
            next
        end
        set caname "Fortinet_CA_SSLProxy"
        set ssl-exemptions-log enable

edit 35
        set uuid 1c7893e4-c8a0-51e7-66bc-7337d7a0d788
        set srcintf "ssl.root"
        set dstintf "wan1"
        set srcaddr "xxxxxL_range"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set logtraffic all
        set users "xxxxx"
        set tcp-mss-sender 1354
        set tcp-mss-receiver 1354
        set comments "Clone of 32"
        set av-profile "default"
        set webfilter-profile "VPN"
        set ips-sensor "protect_client"
        set application-list "TEST"
        set profile-protocol-options "default"
        set ssl-ssh-profile "__upg_deep-inspection"
        set nat enable

 

Thanks Jirka

packetpusher
Contributor

Did you find any resolution?

 

Thanks

Jirka1

No. I will wait a few days to see if someone gives me an idea. If not, I will create a ticket with support. Jirka

packetpusher

It sounds like a bug to me. I would report it to Fortinet TAC.

Jirka1

Guys,

All day I have been communicating intensively with TAC about this problem. They have now told me that if the FGT does not have a hard disk or disk logging is disabled, FortiView for Cloud Apps will not work... Whaaaat? We have been logging to FortiAnalyzer all the time and everything worked in version 5.4.6. If that's true, how can it be that Google and Dropbox are shown? Your opinions, please. Thanks, Jirka
