
FortiGate 2000E Firmware version : v6.0.2 build0163 (GA)
Forti Endpoint Management Server : 6.0.4 build 0158
Forti Client Version : 6.0.4
Symptoms
- When an HTTPS site is blocked, the browser just shows the conventional “This page can’t be shown” or “This page can’t display” message.
- The web site request does not validate the FortiGate certificate on the logon machine.
Cause
- A user requests an HTTPS web site while a web filter and an application filter are assigned to the user's address or AD user. The logs on FortiAnalyzer or on the FortiGate device show that the application filter blocked the HTTPS web application in the browser. This occurs when Application Control is applied to the Internet policy.
- When NAT mode is set to proxy and the application filter profile is flow-based, the HTTPS request fails with an error such as “This page can’t be reached”.
- An older version of the IPS signatures is installed.
Solution
- If proxy mode is enabled on NAT, change it to flow-based.
- Remove Application Control from the user policy on the FortiGate.
- Upgrade the IPS signature version on the FortiGate.
- Configure the commands below on the web filter profile:
    config application list
        edit "Test application profile"
            set app-replacemsg enable
        next
    end