Deep SSL Inspection over RDP

Forum|Forum|4 years ago
December 6, 2021
2 replies
3214 views

Hi All,

Will the setup able to inspect the file from client PC to the RDP host? My config will be source "client" destination "jumphost" all UTM turned ON with deep inspection. So my concern if the client has a encrypted malware to be copy into the host, will FGT able inspect and drop the connection/ packet? OR my setup is wrong?

Thanks!

FortiGate

darwin1_FTNT

Explorer

As far as I know RDP/VNC protocols aren't supported yet in utm file inspection (it can be identified as rdp or vnc traffic in application control utm). Data could be encrypted with password or certificate. Can ask TAC support for more details and TAC may file an NFR mantis bug. Dev will investigate if feasible to support (protocol could be very complex), then give time estimation to finish the feature. It is recommended to request new protocols support (as customer feedback) thru TAC support to keep the utm security features upto date . Thanks.

pavankr5

Staff

Hello @sub7even ,

Your setup with FortiGate and UTM features can help inspect and block malicious files, including encrypted ones.
https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/122078/deep-inspection
The FortiGate UTM features should be able to inspect and analyze files, including encrypted ones, if they are decrypted or temporarily decrypted during the transfer. Encrypted traffic, like HTTPS or SSL-encrypted RDP, can be challenging to inspect. The FortiGate device can use SSL inspection techniques to decrypt SSL-encrypted traffic, inspect it, and then re-encrypt it for delivery.
FortiGate devices typically use signature-based detection to identify known threats
https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/213498/signature-based-defense

let us know if you have any queries

Thanks,

Pavan

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded