friends good day, one question:
In our main office we have a firewall with version 7.2.5, in this office there are problems accessing a page because when trying to access the certificate message appears:
"the connection is not private
It is possible that attackers are trying to steal your information from xxxxx.com
(for example, passwords, messages or credit cards).
NET::ERR_CERT_AUTHORITY_INVALID"
To fix this issue, a policy was created for that page and the no-inspect profile was applied.
However, when the user enters the page at the top, the message "not secure" appears. Is there a way to remove that message?
Since in our branch we have a 7.0.12 firewall, in which there is the same problem of access to the page. The same solution was applied, that is, the access policy was created for that page and the no inspection profile was enabled. However, when trying to access the same page, the message "not secure" does not appear at the top.
My question is, why does the user who is in the main office get that message on top and the other user who is in the branch doesn't get that message?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
You may expect such message in case deep inspection is performed or traffic is blocked and replacement message is generated while CA certificate is not imported.
You may consider to check in browser/traffic sniffer whether there is redirection or traffic is blocked and replacement message is generated.
but because if the configuration was made in both offices, in one office when accessing the page you get that "not secure" message and in the other office it does not appear.
Double-check all inspections you are doing on those interfaces (Check policies) any Security profiles could be causing this for sure. Easy testing will be to disable the ones you have enabled and test. Clear your browser cache. Especially DNS Filter or Web Filter, as well as SSL Inspection
Hello @unknown1020,
Which certificate is presented to the users, you can check the certificate that will give you an idea that which firewall or a server is presenting this certificate to users. Please ensure that CA certificate, which signs the server certificate is installed in the local certificate store of client machine. Microsoft Edge & chrome use built-in Windows store while Firefox has it's own certificate store, so incase of Firefox, please ensure that CA certificate is added in the browser's store.
regards,
Sheikh
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.