![]() >After reading the discussion I am not sure if I understood the solution correctly. ![]() Go to "config application list", "edit ", "set app-replacemsg disable". If you are using the Application Control profile and FortiOS 5.4, Go to "config webfilter profile", "edit ", "set https-replacemsg disable". If you are using the Web Filter profile and FortiOS 5.4, here's how: It is not released to the public yet as it is undergoing beta tests. Our dev team has released a new engine to address TLS 1.3. It should not affect it if certificate-inspection is used. TLS 1.3 would have affected the engine if you used deep-inspection - not widespread yet, recently added into Chrome 56 (would require the server to support the protocol too). This is the default certificate-inspection profile. Could you post the output of the CLI commands, "config firewall ssl-ssh-profile", "edit ", "show"? The Fortigate only inspects the SNI on the Client Hello or the Server Certificate when Certificate Inspection is used. Certificate Inspection should not break any SSL connections.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |