ergotherego
New Member
February 22, 2017
Question

Anyone using ssl-mirror successfully?


I am trying to decrypt SSL traffic for analysis using the setting "ssl-mirror" under the policy. This is on a 60D running 5.4.4 and I am capturing traffic between internal1 and wan1, and mirroring it to internal7. Internal1 is in a virtual-switch.

It appears to be working, but Wireshark is not seeing the traffic. I disabled any local firewalls and ensured that interfaces are being put into promiscuous mode. Running 'diag packet sniffer' while HTTPS traffic hits the policy, I do see the traffic on the console, and if I convert the output using fgt2eth.exe it is the traffic in question. And the Tx counters on the interface are incrementing.

But for some weird reason Wireshark is not seeing it all.

Curious if anyone is using ssl-mirror and if they got it to work, and if there are any special considerations.

1 reply

ergotherego
New Member
February 22, 2017

Fortinet TAC got back to me. The ssl-mirror feature is currently broken. Their bug ID is 0408993 and they have confirmed that regardless of the machine used, it never actually receives the traffic.