Technical Tip: FortiGate Intercepts POP3S, SMTPS and IMAPS certificates
Purpose
This article describes a situation that can be encountered when using a protection profile on encrypted email traffic.
In 4.0, on devices that support SSL Deep Inspection, there are options for the POP3S, IMAPS and SMTPS protocols. These protocols are similar to HTTPS, in that communications are initiated with an SSL certificate.
With a protection profile in place, the certificate presented to the client can look as if it was signed by Fortinet. This is expected behavior if the unit is supposed to inspect the traffic.
The only way the unit can inspect this traffic is to man-in-the-middle it.
This is also the default behavior of a protection profile. Sometimes this behavior needs to be disabled.
Scope
FortiOS v4.0 and above, on devices that support SSL Deep Inspection.
Expectations, Requirements
The following CLI settings can be used to disable the proxies:
config firewall profile
edit "(profile name)"
set imaps fragmail no-content-summary
set smtps fragmail no-content-summary
set pop3s fragmail no-content-summary
end
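
To see from a client behind the unit whether mail sessions are being re-signed, before and after changing the profile, the issuer of the certificate presented on each port can be checked. This is an added example, not Fortinet's own tooling; it assumes OpenSSL is installed, that the mail server uses the standard implicit-TLS ports, and that a re-signed certificate carries "Fortinet" in its issuer name.

```shell
#!/bin/sh
# Added example: report who issued the certificate a mail server presents.
# Assumption: a certificate re-signed by the unit has "Fortinet" in its issuer.

# classify_issuer ISSUER -> prints intercepted | direct | unknown
classify_issuer() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        *fortinet*) echo intercepted ;;  # issuer names Fortinet: proxy is re-signing
        "")         echo unknown ;;      # no certificate retrieved (port closed, handshake failed)
        *)          echo direct ;;       # some other CA issued the certificate
    esac
}

# fetch_issuer HOST PORT -> prints the issuer line of the presented certificate
fetch_issuer() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -issuer 2>/dev/null
}

# check_mail_tls HOST -> one result line per protocol named in the article
check_mail_tls() {
    for entry in pop3s:995 imaps:993 smtps:465; do
        proto=${entry%%:*}
        port=${entry##*:}
        issuer=$(fetch_issuer "$1" "$port") || issuer=""
        printf '%s/%s %s %s\n' "$proto" "$port" "$(classify_issuer "$issuer")" "$issuer"
    done
}

# Usage: sh check_mail_issuer.sh mail.example.com   (host name is a placeholder)
if [ -n "${1:-}" ]; then
    check_mail_tls "$1"
fi
```

A result of "intercepted" after the proxies have been disabled means the session is still passing through a profile that inspects it.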
