New user of Fortigate hardware here, so we are just trying to set this thing up right now. Have it attached to a standalone workstation with no web access (because we are going to replace our current gateway/router with this one).
As I said, the web filtering feature is disabled on the firewall, but certain websites are being blocked while others are not.
For example: Amazon.com cannot be reached and the error makes no sense to me.
We will worry about fine level tuning and blocking later. For now, I need to be able to get to ANY website from any PC on our network. Any suggestions?
How are you testing web filtering, or no web filtering, with "no web access" you mentioned first?
I have it configured to replace our current gateway/router, but I can only connect it to the network temporarily (replacing the existing one) for testing since it is NOT the gateway yet. When I plug it in, I go to my workstation and test connectivity. Email works, RDP works and many websites open with no issue. However Amazon and Facebook (for example) do not. I can't tell the exact error I get right now because I can't do the swap during the middle of the day.
Hopefully after 2pm I can try again and I will get the actual error.
Enveloc wrote:
...For example: Amazon.com cannot be reached and the error makes no sense to me...
For starters, what is the error message?
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
I get one error in Chrome and a different one in MS Edge. I would post screen shots but apparently that is not supported here, you can only post URLs for pictures from the web.
Anyway, Edge says:
This site is not secure
This might mean that someone’s trying to fool you or steal any info you send to the server. You should close this site immediately.
Go to your Start page
Details
Your PC doesn’t trust this website’s security certificate.
Error Code: DLG_FLAGS_INVALID_CA
Because this site uses HTTP Strict Transport Security, you can’t continue to this site at this time.
Chrome says: An application is stopping Chrome from safely connecting to this site.
"Fortinet" wasn't installed properly on your computer or the network
Try uninstalling or disabling "fortinet"
Try connecting to another network
NET::ERR_CERT_AUTHORITY_INVALID
Then, under "advanced," it says: "Fortinet" isn't configured correctly. Uninstalling "fortinet" usually fixes the problem.
Applications that can cause this error include Anti-virus, Firewall and web-filtering or proxy software.
I have not installed ANY software along with this firewall and do not have "Fortinet" installed or otherwise present to my knowledge. And this would make no sense if other websites display with no issues.
The errors mean the same thing - your browser doesn't trust the CA which signed the SSL certificate. The first thing you should check is the issuer of the presented certificate. It is similar in Chrome and all browsers: simply click the padlock in the address bar and look for the certificate "issuer".
If you see Fortinet as the issuer, that means the FortiGate is re-signing the certificate and acting as a man-in-the-middle. Maybe you have a deep-inspection profile applied, or the FortiGate is trying to redirect you to an authentication page or deliver some replacement message which requires traffic decryption; there might be many reasons, depending on your configuration.
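The issuer check described in the reply above can be scripted instead of clicking the padlock on each site. This is an added example, not part of the original thread and not Fortinet code; the function names are hypothetical, `SAMPLE_DER` is a constructed byte string rather than a real certificate, and the `"Fortinet"` marker follows the reply's wording.

```python
import socket
import ssl

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_strings(der):
    """Return the text values (O, CN, ...) in the certificate's issuer Name."""
    _, pos, _ = _tlv(der, 0)               # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)             # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                        # optional [0] version field
        pos = end
    for _ in range(2):                     # skip serialNumber and signature algorithm
        _, _, pos = _tlv(der, pos)
    _, pos, name_end = _tlv(der, pos)      # issuer Name
    values = []
    while pos < name_end:
        _, attr, rdn_end = _tlv(der, pos)  # one RelativeDistinguishedName (SET)
        while attr < rdn_end:
            _, oid, attr_end = _tlv(der, attr)   # AttributeTypeAndValue
            _, _, val = _tlv(der, oid)           # step over the attribute OID
            _, start, stop = _tlv(der, val)      # the string value
            values.append(der[start:stop].decode("utf-8", "replace"))
            attr = attr_end
        pos = rdn_end
    return values

def presented_cert(host, port=443):
    """Fetch the leaf certificate as DER without validating it (inspection only)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def resigned_by(der, marker="Fortinet"):
    return any(marker.lower() in v.lower() for v in issuer_strings(der))

# Constructed sample, not a real certificate: DER cut off after issuer O=Fortinet, CN=SampleCA
SAMPLE_DER = bytes.fromhex(
    "3041303fa003020102020101300d06092a864886f70d01010b05003026"
    "3111300f060355040a0c08466f7274696e65743111300f06035504030c0853616d706c654341")
print(issuer_strings(SAMPLE_DER), resigned_by(SAMPLE_DER))
```

From a workstation behind the firewall, `resigned_by(presented_cert("www.example.com"))` returning True for a site means the certificate the browser received for it carries the marker in its issuer. Issuer strings in encodings other than UTF-8 or ASCII may decode imperfectly.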
Created on 06-02-2024 11:24 PM Edited on 06-02-2024 11:26 PM
Is there another way, except adding the certificate in Chrome, to solve the issue?
I have many devices and don't want to add the certificate in Chrome one by one for all devices.
Forgot to mention this is a 60E.
Hi, try to lower your WAN interface MTU (1462), especially if you are using a PPPoE or xDSL connection,
and disable full SSL inspection if it is enabled.
Best Regards pyy
Typically webfilter would not allow traffic through by default if the license had expired on it. You can verify the license using "get webfilter status". Even though ICMP is allowed, web traffic may not be allowed.
You can try turning off all UTM features so Fortinet will operate without nextGen features.