Deep Inspection Issues

Question

Is it possible to get full URL of end user without deep inspection?

I just set up deep inspection and disable replacement message but still showing certificate error in browser, I have tried some suggestions but nothing works. Import certificate, allow few web categories and it works but make a mess with web content because some parts are not in the right place.

How can I do a deep inspection but without getting those messages?

Christopher_McMullan · Answer

HTTP sites will not be a problem, obviously. Otherwise, it all comes down to balancing the trade-offs. Full DPI requires certificate re-writes, which can either be accommodated by deploying the FortiGate 'CA' certificate and dealing with HSTS browser issues in FF/Chrome, or else using certificate inspection, which ignores anything after the server hostname.

No non-DPI solution completely allows you to see the URL, since the GET request comes after the session is already encrypted.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded