I have a Fml 200 c as mail server for a domain. For the past few days, a lot of incoming mail from Google accounts has been failing with this error:
STARTTLS=server, error: accept failed=0, reason=bad signature, SSL_error=1, errno=0, retry
In the access control rules I've put an explicit one that matches protected destination *@mydomain.com, reverse DNS pattern *.Google.com and a TLS profile (tried two profiles: TLS preferred and TLS required).
But no way to solve it.
Any idea?
Is it a 100C or 200D? If 200D, make sure you have the latest firmware installed. Also, is the firewall doing TLS inspection?
It's a 200D. I've discovered that the problem is caused by SSL inspection enabled on the fgt50D in front. If I disable SSL inspection the problem disappears.
I've updated the fgt firmware from 541 to 542 a few days ago and I suppose this is the cause, because before this it was working fine. I've opened a ticket for both fgt and fml but no answer at the moment.
Copyright 2025 Fortinet, Inc. All Rights Reserved.