wilhome
New Member
August 3, 2022
Question

Deep SSL Inspection for Wi-Fi

We allow our Meraki access points out to the internet via our Fortigate internet firewall. We publish both an SSID for corporate laptops and a guest SSID for the public. We use SSL inspection on the firewall policy that allows the wireless network out to the internet so that we can scan HTTPS traffic for malware, etc. The corporate laptops have the relevant certificate for the SSL Inspection profile installed, so this works fine, but guest devices such as mobile phones obviously don't have the certificate, so they just get certificate errors when accessing the internet.

This is maybe a daft question, but can anyone think of a way of differentiating between our guest and corporate Wi-Fi at a firewall level so we can treat the two differently from an SSL inspection perspective when both SSIDs are published by the same wireless network? Any advice welcome.

1 reply

kcheng
Staff & Editor
August 3, 2022

Hi @wilhome

How do you differentiate the corporate users and the guest users? If you separated the subnets used by the corporate users and the guest users, it would be possible for you to create 2 policies with the respective source IP. In that case, you can configure the guest users with a certificate inspection profile.
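
The two-policy approach from the reply above, sketched as a FortiOS CLI fragment; this is an added example, not configuration posted by either participant. The subnets, address-object names, interface names and policy IDs are constructed placeholders, and it assumes each SSID is bridged to its own VLAN so that client source addresses reach the firewall un-NATed.

```fortios
# Added example. All names, IDs and subnets below are placeholders.
# Assumption: the SSIDs hand out addresses from separate subnets and the
# access points do not NAT clients behind their own address; otherwise the
# firewall cannot tell the two groups apart by source IP.
config firewall address
    edit "wifi-corp-net"
        set subnet 10.10.20.0 255.255.255.0
    next
    edit "wifi-guest-net"
        set subnet 10.10.30.0 255.255.255.0
    next
end

config firewall policy
    # Corporate laptops trust the inspection CA, so full decryption works.
    # Substitute your own deep-inspection profile name if you use a custom one.
    edit 101
        set name "wifi-corp-to-internet"
        set srcintf "wifi-uplink"
        set dstintf "wan1"
        set srcaddr "wifi-corp-net"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "deep-inspection"
        set av-profile "default"
        set nat enable
    next
    # Guests: certificate inspection only reads the TLS handshake (SNI and
    # server certificate) and never re-signs traffic, so unmanaged devices
    # see no certificate errors. HTTPS payloads are not scanned on this
    # policy; web filtering by hostname or category still applies.
    edit 102
        set name "wifi-guest-to-internet"
        set srcintf "wifi-uplink"
        set dstintf "wan1"
        set srcaddr "wifi-guest-net"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set webfilter-profile "default"
        set nat enable
    next
end
```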