It looks like another bad day for FortiGuard servers. We're getting a
lot of complaints across the board from various customers about
mainstream web sites not loading with a blocked category message
(including fortiguard.com and forum.fortinet.com!)....
We're noticing this problem across multiple clients this morning. Any
users using Internet access policies with a DNS Filter profile enabled
are blocked from accessing the Internet. The DNS Query logs show
constant failures with:[ul]Error: no availab...
Unfortunately (and fortunately), the answer is no and this will never be
possible. The LetsEncrypt certificates that you can easily obtain are
always non-CA certificates. Deep packet inspection requires a CA
(certificate authority) certificate. You'l...
Hey JJ, I posted the solution in the thread you referenced. It looks
like you're only using the Automation Stitch notifications which don't
send the details of what changed, unlike the old "Alert Email Settings"
option. Since the "Alert Email Setting...
I can only comment on the new native FortiOS 7.0 LetsEncrypt/ACME2
implementation. Based on the available documentation, automation only
seems to support HTTP/HTTPS verification, which makes sense given that
the FortiGate wouldn't have any native way...
You can only use a Certificate Authority (CA) certificate with deep
packet inspection. You cannot use a regular certificate. You'll notice
that CA certificates and non-CA certificates are grouped separately
under System / Certificates. It is simply n...
This doesn't directly answer your specific question, but the way I
demonstrate the value of DPI is to set up an Internet access policy with
AV enabled and show that with DPI enabled the FortiGate blocks any
attempt to download the EICAR antivirus tes...