Secure sites blocked by N4L

91 views
Skip to first unread message

Mike Etheridge

unread,
Mar 3, 2019, 9:57:07 PM3/3/19
to techies-f...@googlegroups.com

The sites we have had trouble with so far, since the Fortigate kit was installed, have all had Let’s Encrypt certificates. Is Fortinet, or N4L, using Let’s Encrypt as a signature for unreliable/untrustworthy domains? If they are, they should cut it out. The certificates are perfectly valid. Anyone else with the Fortigate kit having similar problems?

Mike

Jonathan Webster

unread,
Mar 3, 2019, 11:11:01 PM3/3/19
to techies-f...@googlegroups.com
Can you please list some example sites where you've had issues? Sometimes people forget to create certificates for both the root domain and www separately with Let's Encrypt which can cause issues when sites redirect users between the two. (Assuming the newer wildcard cert option hasn't been used)



On Mon, 4 Mar 2019 at 15:57, Mike Etheridge <mi...@etheridge.co.nz> wrote:

The sites we have had trouble with so far, since the Fortigate kit was installed, have all had Let’s Encrypt certificates. Is Fortinet, or N4L,  using Let’s Encrypt as a signature for unreliable/untrustworthy domains? If they are, they should cut it out. The certificates are perfectly valid. Anyone else with the Fortigate kit having similar problems?

Mike

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


--
Jonathan Webster
Senior Solutions Architect
The Network for Learning Ltd

M +64 22 040 3300  P 0800 LEARNING
The Textile Centre, Level 1, 117-125 St Georges Bay Road, Parnell, Auckland 1052
A PO Box 37118, Parnell, Auckland 1151  n4l.co.nz

jan...@mags.school.nz

unread,
Mar 4, 2019, 3:30:08 PM3/4/19
to Techies for schools
No issues here with anything of the sort really, been running with a FG for quite some time now and it's utterly fantastic. 

We had a few 'Newly Observed Domains' get flagged occasionally, we just opted to turn off that rule though. 

Mike Etheridge

unread,
Mar 4, 2019, 3:31:09 PM3/4/19
to techies-f...@googlegroups.com
All resolved so far after phone call to N4L. Phone staff have been very good.

Sites were
myschoollunch.co.nz (probably www issue as described)
Don’t have the others to hand right now

Mike

Mike Etheridge

unread,
Mar 4, 2019, 3:31:52 PM3/4/19
to techies-f...@googlegroups.com
So you can get that rule turned off? I’ll do that, cheers.

Mike


Josh Angel

unread,
Mar 4, 2019, 3:39:59 PM3/4/19
to techies-f...@googlegroups.com

Yup, just a request to the helpdesk should do it.

 

The only changes we’ve really made to our FG since install is adding support for reading domain logins, and setting up accounting packets from Radius for staff auth.

 

We did do some tweaks to some IPS rules for our hosted sites, but that is probably just a ‘limited to MAGS’ sort of thing as I get a bit paranoid with security.

 

Overall really impressed with both the gear, and how N4L have handled and managed our transition last year. It takes a hammering and has not skipped a beat.

--
You received this message because you are subscribed to a topic in the Google Groups "Techies for schools" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/techies-for-schools/-iyQfXVwjvE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to techies-for-sch...@googlegroups.com.

Reply all
Reply to author
Forward
0 new messages