Technical Note: Google HSTS servers.

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 193426

Description

HSTS (HTTP Strict Transport Security) is a protocol used initially by Google to prevent Man in the Middle attacks.

When doing deep inspection, the FortiGate intercepts the https traffic and it would give its own Self-Signed CA certificate to the Browsers. If the Browser is compliant to use HSTS connections, then it would refuse the FortiGate CA certificate as the certificate is not in the Trusted list for Google servers.

Solution

Verify if HSTS is enabled in the browser. If it is enabled then the HSTS settings on the browser should be cleared.

There are many published articles on clearing these browser settings, for example, https://appuals.com/how-to-clear-or-disable-hsts-for-chrome-firefox-and-internet-explorer/

11767

Contributors

kcapecchi

hrahuman_FTNT
Anonymous

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.