chrismes
New Member
August 27, 2015
Question

capture https?


I've tried to capture https traffic on a Fortigate 300c, but I only see the 3-way handshake and the finish of the tcp-session. No packets between. So it seems capturing on Fortigate "hides" all SSL-traffic, not behaving like tcpdump on other firewalls. Is there a way to capture https traffic and see all packets? http traffic capturing looks like tcpdump (all packets captured).

Any suggestions?

Thanks.

 

    2 replies

    jintrah_FTNT
    Staff
    September 1, 2015

    I believe you are using hardware-accelerated ports of the 300C, where traffic gets offloaded to the ASIC after the 3-way handshake. Please check this article: http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD30043

     

    vjoshi_FTNT
    Staff
    September 1, 2015

    Hello,

     

    The solution provided in the earlier post is good, however that disables complete offloading on the respective interfaces. This might impact the performance if the load on the device is too high.

     

    Instead, you can run the command:

    config firewall policy
    edit <policy id>
    set auto-asic-offload disable   --->> this command disables the offloading for the traffic which is passing across this policy only
    end

     

    As mentioned earlier, if the traffic is high across this policy, you can create a dedicated Firewall policy for the specific source or destination and disable the auto-asic-offload.

     

    Hope that helps
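To confirm that a capture showing only handshake and teardown really is missing offloaded payload (rather than recording an empty session), the TCP sequence numbers can be checked: the FIN's sequence number shows how many bytes each side sent. This is an added example, not part of the original thread; the packet record fields (`src`, `sport`, `dst`, `dport`, `flags`, `seq`, `len`), the function names and the sample captures are constructed for illustration, and `seq` is assumed to be the absolute (not relative) sequence number.

```python
from collections import defaultdict

SEQ_MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits


def uncaptured_bytes(packets):
    """Per direction, bytes the sequence numbers prove were sent but that
    never appear in the capture. Directions lacking a SYN or FIN are skipped."""
    isn, fin_end = {}, {}
    segments = defaultdict(set)  # (seq, len) pairs, so exact retransmissions count once
    for p in packets:
        flow = (p["src"], p["sport"], p["dst"], p["dport"])
        if "S" in p["flags"]:
            isn[flow] = p["seq"]
        if "F" in p["flags"]:
            fin_end[flow] = (p["seq"] + p["len"]) % SEQ_MOD
        if p["len"]:
            segments[flow].add((p["seq"], p["len"]))
    gaps = {}
    for flow in isn.keys() & fin_end.keys():
        # The SYN consumes one sequence number, so payload starts at ISN + 1.
        sent = (fin_end[flow] - isn[flow] - 1) % SEQ_MOD
        captured = sum(length for _, length in segments[flow])
        gaps[flow] = max(sent - captured, 0)
    return gaps


def likely_offloaded(packets):
    """Directions whose payload is missing from the capture."""
    return {flow: n for flow, n in uncaptured_bytes(packets).items() if n > 0}


C, S = ("192.0.2.10", 51000), ("198.51.100.20", 443)  # constructed endpoints


def pkt(a, b, flags, seq, length=0):
    return {"src": a[0], "sport": a[1], "dst": b[0], "dport": b[1],
            "flags": flags, "seq": seq, "len": length}


# Constructed capture A: only handshake and teardown were seen.
HANDSHAKE_ONLY = [
    pkt(C, S, "S", 1000), pkt(S, C, "SA", 5000), pkt(C, S, "A", 1001),
    pkt(C, S, "FA", 1518), pkt(S, C, "FA", 9301), pkt(C, S, "A", 1519),
]
# Constructed capture B: the same session with its payload segments present.
FULL = HANDSHAKE_ONLY[:3] + [
    pkt(C, S, "PA", 1001, 517), pkt(S, C, "PA", 5001, 4300),
] + HANDSHAKE_ONLY[3:]

if __name__ == "__main__":
    print(likely_offloaded(HANDSHAKE_ONLY))
    print(likely_offloaded(FULL))
```

A non-empty result for a session means data was exchanged that the sniffer never saw, which matches the offload behaviour described in the replies; an empty result after disabling offload on the policy indicates the capture is now complete.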