Technical Tip: How to change SSL Inspection from certificate-inspection to no-inspection
| Description | This article describes how to change the SSL Inspection profile from certificate-inspection to no-inspection in a firewall policy from 6.2.0 if the Security Profiles are enabled. |
| Scope | FortiGate. |
| Solution | In the Security Profiles section, if no security profiles are enabled, the default SSL Inspection is 'no-inspection'.
If any security profile is enabled, it will not be possible to select 'no-inspection' as it will not appear in the list.
In order to change from 'certificate-inspection' to 'no-inspection', it is necessary to disable all security profiles in the policy.
To change the SSL Inspection profile to 'no-inspection' from the CLI, first disable all the security profiles and then set ssl-ssh-profile to no-inspection.
FortiGate-101E (root) # config firewall policy FortiGate-101E (policy) edit 1 FortiGate-101E (1) set utm-status disable FortiGate-101E (1) set ssl-ssh-profile no-inspection FortiGate-101E (1) end
Related article: |
