Description
When Anti-Virus is enabled with HTTPS deep scan inspection in a FortiGate firewall policy, it is by default not possible to browse secure web sites with Internet Explorer 6.
This article provides a workaround for IE6 clients looking to use the explicit proxy with AV/SSL/Deep Scan enabled on the FortiGate.
Scope
FortiOS 4.0 and above.
Solution
The SSL stack in IE6 does not support empty fragments, this will cause issues when using the transparent proxy with HTTPS inspection. The following CLI parameter on the FortiGate should be enabled in order to disable SSL empty fragments from being sent:
config global config firewall ssl setting set ssl-send-empty-frags disable end |