There is a known issue with CCleaner Cloud if SSL Full inspection is enabled within Fortigate. Please find a solution below:
Issue
After enabling full SSL inspection on the normal outgoing traffic policy on Fortigate; CCleaner Cloud agents could not connect to the cloud service.
Information
For CCleaner Cloud to connect, it needs access to port 443, and port 8080. Additionally, it needs to be able to communicate with the following domains:
- ms4.agomo.com
- dl.ccleanercloud.com
- ms.agomo.com
- ms3.agomo.com
- ds.agomo.com
- www.agomo.com
- www.ccleanercloud.com
- speccy.piriform.com
- agomo.com
- ccleanercloud.com
- piriform.com
Resolution
- Create an address for each of the URLs provided. You can place the addresses into a group if you like.
- Then exempt those addresses in the SSL Inspection Profile that is being used for the Policy.
- Make a copy of the policy being used for normal outgoing traffic.
- Paste the copy above the normal outgoing traffic policy.
- Edit the copy and name it something like “Bypass SSL Inspection”.
- In the "Destination" field add the “SSL Full inspection exemption” list you created above.
- Remove all other addresses from the Destination field.
- Set the SSL Inspection profile to a profile that does not perform Full packet inspection. Click OK.
- Enable the policy.
- Now traffic that is destined for the URLs in the exemption group will not have the Full packet scan performed but all other traffic will continue to be fully inspected.