HI,
In a policy I turned on ssl deep inspection on HTTPS, LAN to WAN.
In the security events logs\ssl I found this BLOCK logs entries. Microsoft address, what could be the problem?
What is meant in event subtype: unallowed-version?
Thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello
Which FortiOS version?
Can you share the following output?
config firewall ssl-ssh-profile
edit deep_insp_1
config ssl
show full | grep min
end
config https
show full | grep min
end
Hi @AEK ,
Fortigate 201F 7.4.3 build 2573
FG201F (utibvd) # config firewall ssl-ssh-profile
FG201F (ssl-ssh-profile) # edit deep_insp_1
FG201F (deep_insp_1) # config ssl
FG201F (ssl) # show full-configuration | grep min
FG201F (ssl) # end
FG201F (deep_insp_1) # config https
FG201F (https) # show full-configuration | grep min
set min-allowed-ssl-version tls-1.1
FG201F (https) # end
FG201F (deep_insp_1) #
Szia!
As AEK suggested, on the face of it it looks like the client is attempting to establish an SSL/TLS session using an SSL/TLS version that is configured as unsupported/blocked.
If you would like to confirm whether this result is valid and not a mistake, you will need to take a packet capture sample of this traffic, and then inspect it in wireshark to find out if there's anything that would trigger such action.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1665 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.