Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Jonathan_Body_FTNT
Staff
Staff

Created on ‎09-17-2010 01:32 AM

Article Id 197064

Technical Note : Unable to browse secure web sites (HTTPS) with IE6 when AV deep scan is enabled

Description
When Anti-Virus is enabled with HTTPS deep scan inspection in a FortiGate firewall policy, it is by default not possible to browse secure web sites with Internet Explorer 6.

This article provides a workaround for IE6 clients looking to use the explicit proxy with AV/SSL/Deep Scan enabled on the FortiGate.

Scope

FortiOS 4.0 and above.


Solution
The SSL stack in IE6 does not support empty fragments, this will cause issues when using the transparent proxy with HTTPS inspection. The following CLI parameter on the FortiGate should be enabled in order to disable SSL empty fragments from being sent:

config global
config firewall ssl setting
set ssl-send-empty-frags disable
end


Labels:
3129
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.