Ankit1
New Contributor

Application control block zoom app

Hi All,

We have a FortiGate 100D running version 6.2.15. Recently we have been facing an issue with the Zoom app: when accessing it we get the error below.

[Screenshot attached: zoom_error.png]

We have validated the certificate on the FortiGate; it is not expired and is valid. We also tried downloading the certificate we are using with the security profile 'certificate inspection' in the policy (inspection mode set to proxy mode) and added this certificate to the browser as well, but no luck. When we changed the inspection mode to flow-based it started working as expected. But we want it to work in proxy mode with the 'certificate inspection' security profile.

Could you please provide the solution?

AlexC-FTNT
Staff

You mention the certificate - why do you think this is the problem? Does the FortiGate log this as a problem (denies traffic because the certificate is wrong/expired/etc.)? Enable logging on that policy to see if the FortiGate blocks the connection.

Otherwise, you need to know how Zoom operates. If it's using the SIP protocol for signalling, make sure you did NOT disable SIP-ALG on the firewall.


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
Ankit1

Hi,

We are not only facing the issue with the Zoom app; there are also 2 to 3 internal URLs we use that get the same error. Please find the logs from the FW below.

Date    2023/06/27
Time    05:07:49
Duration    2s
Session ID    39341658
Virtual Domain    root
NAT Translation    Source

Source
IP    X.X.X.X
NAT IP    X.X.X.X
Source Port    60651
Country/Region    Reserved
Source Interface     Wireless Users
Device ID    FG100D3G16830465
User    

Destination
IP    170.114.52.2
Port    443
Country/Region    United States
Destination Interface     Internet Gateway (wan1)

Application Control
Application Name    HTTPS
Category    unscanned
Risk    undefined
Protocol    6
Service    HTTPS

Data
Received Bytes    3 kB
Sent Bytes    848 B
Sent Packets    10
LAN In    524 B
LAN Out    524 B
WAN In    4 kB
WAN Out    320 B

Action
Action    TCP reset from client
Security Action    Blocked
Policy    174
Policy UUID    fee49ddc-3d8e-51e8-1f90-df54824df03d
Policy Type    IPv4

Security
Level    

Cellular
Service    HTTPS

Other
ID    7249228209449861255
Time    2023-06-27 01:07:50
euid    3
epid    1262
dsteuid    3
dstepid    101
logflag    3
logver    602151378
Type    traffic
Sub Type    forward
Log ID    0000000013
Source Interface Role    lan
Destination Interface Role    wan
Log event original timestamp    1687842470289547000
Number of SSL logs    1
Timezone    +0000
dtime    2023-06-27 05:07:49
itime_t    1687842470

AlexC-FTNT

The Zoom app and a URL can only both be blocked at the same time if you misconfigured something. The logs actually tell a different story: "TCP reset from client" tells you that the client actively reset the session. This is not something that can be fixed on the FortiGate, but it can happen if the destination does not like something about your connection (usually that is the IP). So check whether your public IP is blacklisted - that would mean the far-end firewall blocks the connection (and you see the reset).
Ankit1
New Contributor

Hi,

Could someone please provide a solution for this? We have 2 to 3 internal URLs (zoom, snowflake and logme123) which we use and are getting the same error for all of them. Also, in the firewall SSL inspection logs we see an "invalid/block cert" error.

AlexC-FTNT

"invalid/block cert" - that is a different error, but pretty obvious: the wrong certificate is being used. Do you have another firewall/proxy after the FortiGate which does deep inspection (or changes the certificate)?
Ankit1
New Contributor

Hi,

We don't have any other firewall/proxy after the FortiGate; we have a router after the FortiGate.

Also attached are some screenshots of the certificate error. Actually we have 2 certificates, "Fortinet_CA_SSL" and "Fortinet_CA_Untrusted". I think these apps are picking "Fortinet_CA_Untrusted".

[Screenshots attached: MicrosoftTeams-image (8).png, MicrosoftTeams-image (7).png, Fortinet_cert.PNG]

sw2090
Honored Contributor

It looks like you use "Fortinet_CA_Untrusted" for DPI. So you will have to make your client trust this CA by installing it as a trusted certificate authority.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Ankit1
New Contributor

Hi,

You mean to say we need to download this certificate ("Fortinet_CA_Untrusted") from the firewall, then on the client system go into the browser's "Internet Options" and add it as a root certificate?

saneeshpv_FTNT

Hi,

Usually the FGT uses the Untrusted CA certificate if it is not able to successfully verify the actual server certificate (the Zoom certificate).

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-FortiGate-handles-Untrusted-SSL-certif...

For testing, you can manually download the server certificate for Zoom, install it into the FortiGate trusted CA list and try to access it again.

If the issue persists, please share the relevant configuration sections and logs for further checking.

Regards,
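As an added example (not from this thread, and not Fortinet's code), the diagnostic below shows how a client-side check can tell the three cases apart that this post describes: the original server certificate passed through unchanged, a certificate re-signed by the FortiGate's trusted CA, or one re-signed by the Untrusted CA because the FortiGate could not verify the real server certificate; it also lists the usual reasons a verifier rejects a certificate. The issuer common names, the sample certificate dictionary and its dates are constructed assumptions.

```python
import ssl

# Constructed getpeercert()-shaped sample; illustrative values, not a real Zoom certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "zoom.us"),),),
    "issuer": ((("organizationName", "Fortinet"),), (("commonName", "Fortinet_CA_Untrusted"),)),
    "notBefore": "Jun 27 00:00:00 2023 GMT",
    "notAfter": "Jun 27 00:00:00 2024 GMT",
    "subjectAltName": (("DNS", "zoom.us"), ("DNS", "*.zoom.us")),
}
# Assumed issuer CNs for the FortiGate re-signing CAs named in the thread (confirm under System > Certificates).
TRUSTED_RESIGN_CAS = {"Fortinet_CA_SSL"}
UNTRUSTED_RESIGN_CAS = {"Fortinet_CA_Untrusted"}

def rdn_value(name, attr):
    """First value of `attr` in a getpeercert() subject/issuer tuple, or None."""
    for rdn in name:
        for key, value in rdn:
            if key == attr:
                return value
    return None

def classify_issuer(cert):
    """Tell which certificate the client actually received through the FortiGate."""
    issuer = rdn_value(cert["issuer"], "commonName")
    if issuer in UNTRUSTED_RESIGN_CAS:
        return "resigned-untrusted"  # FortiGate could not validate the real server cert
    if issuer in TRUSTED_RESIGN_CAS:
        return "resigned-trusted"    # FortiGate validated it; client must trust this CA
    return "original"                # no re-signing (certificate-inspection only)

def hostname_matches(pattern, hostname):
    """RFC 6125-style match: '*' allowed only as the whole leftmost label."""
    p, h = pattern.lower().split("."), hostname.lower().split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] if p[0] == "*" else p == h

def validation_problems(cert, hostname, now):
    """Reasons a verifier at epoch `now` would reject `cert` for `hostname`."""
    problems = []
    if ssl.cert_time_to_seconds(cert["notBefore"]) > now:
        problems.append("not yet valid")
    if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
        problems.append("expired")
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    names = names or [rdn_value(cert["subject"], "commonName")]
    if not any(hostname_matches(n, hostname) for n in names):
        problems.append("hostname mismatch")
    return problems
```

The dictionary shape is what `ssl.SSLSocket.getpeercert()` returns after a verified handshake, so to run this against a live connection the client context must first trust the FortiGate CA (via `load_verify_locations`), as the earlier reply suggests. A "resigned-untrusted" result points at the FortiGate's own trust store, not the browser's.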
