Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Anxious
New Contributor

Created on ‎04-28-2024 02:45 AM

Limited Network

Hello,

Issue: Limited Network message for network connection on android devices

I have about 60 Smart-boards (Android OS) which half of them are connected through cable and the other half through wireless to my network, when I try to apply firewall policy with SSL deep inspection over their traffic to the internet, these smart-boards show a warning message that "Some apps and services may not work due to limited connectivity. Use anyway?" then I have to confirm it so that it gets connected, and this message appears constantly which it creates problem for me.

It can be solved if I add a category exemption in SSL Profile for "Search engines and Portals" but this not a good solution since I need to have more control over filtering.

On PCs with windows 11 I do not get that message.

 

1- I need to choose yes1- I need to choose yes2- The result2- The result

 

I already installed the Certificate on all of this smart-boards as "Installed for VPN and apps" and also for "Installed for Wi-Fi". I installed for both of them.

But the result is the same.

 

 

I would appreciate your help.

Thanks.

238
0 Kudos
4 REPLIES 4
kumarh
Staff
Staff

Created on ‎04-28-2024 06:01 AM

What is the firmware version on Fortigate? Are you connecting with Forticlient ssl-vpn? If yes, are you using EMS or free version?

198
0 Kudos
Anxious
New Contributor
In response to kumarh

Created on ‎04-28-2024 06:19 AM

Hi,

The FortiOS version is 7.4.3

I have configured SSL-VPN tunnel on the firewall and I use fortiClient to get connected to the network. But I establish the VPN connection sometimes not always.

and for the remaining of your question I have the below screenshot:

 

Core Network Security Connectors 1.png

190
0 Kudos
amrit
Staff
Staff

Created on ‎04-28-2024 06:04 AM Edited on ‎04-28-2024 06:05 AM

Please check this similar discussion forum and take pcap on Android devices to identify the certificate used by the problematic applications. applications. https://community.fortinet.com/t5/Support-Forum/SSL-Deep-Inspection-create-Internet-issue-for-Smartp...rue

 

You may need to exempt a few apps from deep inspection due to certificate pinning,  please refer to this  forum post: https://community.fortinet.com/t5/Support-Forum/Google-Play-Store-Not-Working/m-p/90114?m=170981

Amritpal Singh
194
0 Kudos
AEK
SuperUser
SuperUser

Created on ‎04-28-2024 06:32 AM

Hi Anxious

Some applications use HSTS, refusing deep inspection (MITM) even if you install the required CA on the clients so they trust your FG. It is probably your case. You just need to check if your applications are HSTS.

AEK
AEK
182
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.