Hi All,
I'm getting a lot of help desk tickets with stuff like "It looks like mathsbot.com closed the connection" (one of many sites!). I use deep packet inspection.
I've tried pretty much every option on the profile to change that, but the only thing that seems to work is adding the site (or the relevant category) to the SSL exceptions. I'm getting enough of these tickets for it not to be sustainable.
Any ideas anyone? (I do need DPI, educational institutions)
Cheers
Jon
#fortigate
FGT_601E_FW1 # config firewall ssl-ssh-profile
FGT_601E_FW1 (ssl-ssh-profile) # edit "Modded deep-inspection"
FGT_601E_FW1 (Modded deep-insp~ion) # show
config firewall ssl-ssh-profile
    edit "Modded deep-inspection"
        config https
            set ports 443
            set status deep-inspection
            set unsupported-ssl-version allow
            set expired-server-cert allow
        end
        config ftps
            set status disable
            set expired-server-cert allow
        end
        config imaps
            set status disable
            set expired-server-cert allow
        end
        config pop3s
            set status disable
            set expired-server-cert allow
        end
        config smtps
            set status disable
            set expired-server-cert allow
        end
        config ssh
            set ports 22
            set status disable
        end
        config dot
            set status disable
            set unsupported-ssl-version allow
            set expired-server-cert allow
        end
        set allowlist enable
        config ssl-exempt
            edit 1
                set type address
                set address "*.autodesk.com"
            next
            edit 2
                set type address
                set address "*.autodesk360.com"
            next
            edit 3
                set type address
                set address "*.castle.eu.com"
            next
            edit 4
                set type address
                set address "*.cdninstagram.com"
            next
            edit 5
                set type address
                set address "*.cricut.com"
            next
            edit 6
                set type address
                set address "*.engweld.co.uk"
            next
            edit 7
                set type address
                set address "*.fab.com"
            next
            edit 8
                set type address
                set address "*.facebook.com"
            next
            edit 9
                set type address
                set address "*.facebook.net"
            next
            edit 10
                set type address
                set address "*.fbcdn.net"
            next
            edit 11
                set type address
                set address "*.instagram.com"
            next
            edit 12
                set type address
                set address "*.psiexams.com"
            next
            edit 13
                set type address
                set address "*.psionline.com"
            next
            edit 14
                set type address
                set address "*.pubnubapi.com"
            next
            edit 15
                set type address
                set address "*.sky.com"
            next
            edit 16
                set type address
                set address "*.wpmeducation.com"
            next
            edit 17
                set type address
                set address "Alphabet"
            next
            edit 18
                set type address
                set address "api-uk.quadient.com"
            next
            edit 19
                set type address
                set address "catalogue.chigroup.ac.uk"
            next
            edit 20
                set type address
                set address "employerhub.hants.gov.uk"
            next
            edit 21
                set type address
                set address "farrier-reg.gov.uk"
            next
            edit 22
                set type address
                set address "idp.lrs.education.gov.uk"
            next
            edit 23
                set type address
                set address "jusp.jisc.ac.uk"
            next
            edit 24
                set type address
                set address "meet.turns.goog"
            next
            edit 25
                set type address
                set address "seas.org.uk"
            next
            edit 26
                set type address
                set address "socket-io.quadient.com"
            next
            edit 27
                set type address
                set address "southofenglandeventcentre.co.uk"
            next
            edit 28
                set type address
                set address "workspace.turns.goog"
            next
            edit 29
                set type address
                set address "WPM_paymentgateway.wpm.flywire.com"
            next
            edit 30
                set type address
                set address "WPM_store.wpm.flywire.com"
            next
            edit 31
                set type address
                set address "www.coolmathgames.com"
            next
            edit 32
                set type address
                set address "www.cpdstore.ac.uk"
            next
            edit 33
                set type address
                set address "Outgoing External Hosts ALL PROTOCOLS ALLOWED"
            next
            edit 34
                set type wildcard-fqdn
                set wildcard-fqdn "*.alphabet.com"
            next
            edit 35
                set type wildcard-fqdn
                set wildcard-fqdn "*.animationuk.org"
            next
            edit 36
                set type wildcard-fqdn
                set wildcard-fqdn "*.chigroup.ac.uk"
            next
            edit 37
                set type wildcard-fqdn
                set wildcard-fqdn "*.giftround.co.uk"
            next
            edit 38
                set type wildcard-fqdn
                set wildcard-fqdn "*.google.co.uk"
            next
            edit 39
                set type wildcard-fqdn
                set wildcard-fqdn "*.google.com"
            next
            edit 40
                set type wildcard-fqdn
                set wildcard-fqdn "*.gov.uk"
            next
            edit 41
                set type wildcard-fqdn
                set wildcard-fqdn "*.lsi.co.uk"
            next
            edit 42
                set type wildcard-fqdn
                set wildcard-fqdn "*.texthelp.com"
            next
            edit 43
                set type wildcard-fqdn
                set wildcard-fqdn "*.xams.co.uk"
            next
            edit 44
                set type wildcard-fqdn
                set wildcard-fqdn "*.youtube.co.uk"
            next
            edit 45
                set type wildcard-fqdn
                set wildcard-fqdn "*.youtube.com"
            next
            edit 46
                set type wildcard-fqdn
                set wildcard-fqdn "aub.ac.uk"
            next
            edit 47
                set type wildcard-fqdn
                set wildcard-fqdn "google-drive"
            next
            edit 48
                set type wildcard-fqdn
                set wildcard-fqdn "google-play"
            next
            edit 49
                set type wildcard-fqdn
                set wildcard-fqdn "google-play2"
            next
            edit 50
                set type wildcard-fqdn
                set wildcard-fqdn "google-play3"
            next
            edit 51
                set type wildcard-fqdn
                set wildcard-fqdn "googleapis.com"
            next
            edit 52
                set type wildcard-fqdn
                set wildcard-fqdn "Questback"
            next
            edit 53
                set type wildcard-fqdn
                set wildcard-fqdn "ricoh.co.uk"
            next
            edit 54
                set fortiguard-category 30
            next
            edit 55
                set fortiguard-category 31
            next
        end
        set ssl-exemption-log enable
    next
end