Fortinet has introduced a new configuration parameter in FortiOS 7.2.4 and higher. The setting is “http-supported-max-version” that is configurable under “config firewall vip”. Symptoms After an upgrade of the FortiOS to 7.2.4, some websites that are published over a virtual server on the FortiGate are loading infinite. A part of…
In the last two weeks we have received many support requests because of non-functioning SSL connections from our Fortinet, Palo Alto Networks and Watchguard customers. Incoming SSL connections on port tcp/443 suddenly stop working. These can be SSLVPNs, Global Protect connections, port forwardings (VIPs, Destination NAT) for internal web servers…
On Mai 2021, Let’s Encrypt issued a note about the expiration of their DST Root CA X3:https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ Now that this root certificate has expired (2021-09-30), your systems might issue a warning when connecting to sites using Let’s Encrypt certificates. To fix this glitch on a general client, follow the instructions…
FortiWeb v6.4 starts to support the integration with Let’s Encrypt. This allows you to automatically generate server certificates alleviating the need to upload private certificates. The administration guide gives you some information on how to request those Let’s Encrypt certificates but in our opinion the configuration guidelines are not sufficient….
Since June 1st you may notice that some websites (https) are not working anymore when Fortigate or the Palo Alto Networks Firewall is doing decryption or certificate inspection. Typically you are getting one of the following error messages:
Recently we have had a few support cases where a customer was unable to log in to the firewall via WebUI after the firmware update. But SSH access worked fine. It turned out that during the update process the server certificate used for the WebUI is lost. Config with v6.0.4…
FortiOS v6.2 has been released in March this year and we are still gaining experience with this version. In this article we would like to draw you attention to the protocol which is used for FortiGuard service communication. Up to v6.0 udp has been used, with 6.2 the default protocol…
Sind Sie interessiert, den BOLL Blog als RSS Feed zu abonnieren?