Hello,
We are using a FortiGate 200E here, and this problem began after our last upgrade, we went from version 6.0.11 to 6.2.7.
As soon as we try to enable Web filtering, first connexion to a website throws an error in the web browser, complaining about the fortigate issuing the certificate. But if we hit reload on the page, the connexion works perfectly. Acces to the site is then possible for some hours, and, after a while, the same error occurs -> 1 time forti CA issuer, hit reload, and it works fine...
All websites are subject to this error : google, any media, even fortinet.com and this forum
I've been trying quite a few things to see what would cause the problem :
- With the SSL inspection "default" or or a "custom" certificate-inspection , result is the same
- without webfilter, no error when accessing a new web site.
- Without Webfilter, I can add any default security profile, no error.
The fortigate mode is "profile-based", no central SNAT, no VDOM.
Continued searching while the post was on hold, and it seems that the problem only occurs when the policy mode is "Flow Based", and doesn't happen when the policy is "proxy based".
Still have to check what it implies, but we may change our policy default inspection mode
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.