Additionally, in older firmware versions this cert even became invalid due to validity time exceeded, or was revoked by Fortinet. By factory default (and that is what your log shows: Fortinet_CA_SSL) this is a self-signed certificate from Fortinet. So the FortiGate uses yet another certificate to do this. It cannot use the original certificate for re-encryption because it doesn't have the private key to this (only the cert creator has this) (that is why using the AnyDesk Cert + CA doesn't work). This means the FortiGate has to decrypt your SSL and then, after inspecting the data, re-encrypt it. I guess this is related to the way deep inspection works.
So if anybody has an idea how to resolve this problem or how to create an exception for the AnyDesk relay servers, that would be nice.
I tried to install the CA and Root-CA certificates of the *. certificate but it didn't work at all, even though I can see the certificates in the trusted CA certificate white list for the Deep Inspection. I've found a thread that is talking about a certificate that can be installed on the FortiGate to make it work, but the user hasn't posted his solution (thanks bruh!!!). That would be logical with this kind of software where a critical vulnerability has been detected. Might be a man in the middle detected in their platform so the TCP session is reset. I think there is a problem with the deep inspection and the relay servers they are using. If I remove the deep inspection on my computer, the software is working.

But as soon as I enable it, I got an ssl_14090086 error at the bottom of the software. The Internet service available in the list is only for the website. I can't even create a Deep Inspection exception for *.

Verifyca: 1, invalid_cert_action: 2, untrust_ca_action: 4, whitelist: 0

I am also searching regarding troubleshooting of deep packet inspection and I found this thread

After running this command "diagnose ips debug enable ssl", the debug output shows

create_run_mode: SSL CA name: Fortinet_CA_SSL, untrust CA name: Fortinet_CA_Untrusted, VDOM: 0, enable: 1, mode: 2,

I have to use deep packet inspection to block Facebook comments, likes, and file uploads. I also created a custom deep packet inspection profile and added the AnyDesk FQDN to the exemption list but no luck. When I try to change the inspection mode to SSL Certificate, AnyDesk shows no error. I have applied deep packet inspection in the firewall policy but the AnyDesk application shows an SSL error.