SivaG
Explorer
May 12, 2025
Solved

ForcePoint DLP integration with FortiGate using ICAP profile


One of our customers is planning to integrate Forcepoint DLP with our FortiGate firewall using an ICAP profile and requires information regarding SSL inspection, specifically whether deep SSL inspection is necessary for this integration.

Deep inspection enables the firewall to decrypt, inspect, and re-encrypt encrypted traffic by acting as an intermediary, which requires distributing FortiGate's CA certificate to all endpoints to avoid certificate warnings.

Could you please confirm if deep SSL inspection is mandatory for Forcepoint DLP integration with FortiGate?

3 replies

Anthony_E
Staff
May 15, 2025

Hello,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Best Regards
Anthony_E
Staff
May 19, 2025

Hi,

Did you have a look in our FortiDLP Knowledge Base?

https://community.fortinet.com/t5/FortiDLP/tkb-p/TKB55

You have a lot of articles that could help.

Regards,

Anthony

Best Regards
SivaG
Author, Answer
Explorer
May 29, 2025

Hi everyone,

Meanwhile, I checked with the Fortinet TAC team and found the below response to my query:

Yes, it is mandatory to have the FGT-CA certificate on all endpoints. Review the links below for more information.

Push the certificate over GPO:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-distribute-a-Fortinet-CA-SSL-certificate-on/ta-p/305034

https://community.fortinet.com/t5/FortiGate/Technical-Tip-SSL-Deep-Inspection-basic-behavior/ta-p/247915
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-download-the-right-certificate-for-SSL-SSH/ta-p/274168

Regards,

SivaG
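An added example, not part of the thread or of Fortinet's documentation: a PowerShell check to run on a Windows endpoint after the GPO push, confirming that the FortiGate CA is in the machine Trusted Root store and that HTTPS traffic is actually being re-signed by it. The thumbprint placeholder and the test host are assumptions; substitute the thumbprint of the CA certificate exported from your own FortiGate and a site your policy inspects.

```powershell
# Added example: verify deep-inspection CA deployment on one endpoint.
param(
    # Placeholder: SHA-1 thumbprint of the CA certificate exported from your FortiGate.
    [string]$CaThumbprint = '<FGT-CA-THUMBPRINT-PLACEHOLDER>',
    # Assumption: any HTTPS site that the inspected firewall policy covers.
    [string]$TestHost = 'example.com'
)

$CaThumbprint = ($CaThumbprint -replace '\s', '').ToUpperInvariant()

# 1. Is the CA in the machine-wide Trusted Root store (where the GPO places it)?
$inStore = [bool](Get-ChildItem -Path Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $CaThumbprint })

# 2. Read the certificate presented for $TestHost. Validation is bypassed here
#    only so the certificate can be examined even when the endpoint does not
#    trust it yet; no application data is sent over this connection.
$tcp = [System.Net.Sockets.TcpClient]::new($TestHost, 443)
try {
    $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($s, $c, $ch, $e) $true
    }
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $acceptAny)
    $ssl.AuthenticateAsClient($TestHost)
    $leaf = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        $ssl.RemoteCertificate)
} finally {
    $tcp.Dispose()
}

# 3. Build the chain with the endpoint's own trust stores and look at its top.
$chain     = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$trusted   = $chain.Build($leaf)
$top       = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
$resigned  = $top.Thumbprint -eq $CaThumbprint

[pscustomobject]@{
    TestHost            = $TestHost
    CaInTrustedRoot     = $inStore    # False: the GPO has not reached this machine
    ChainTrusted        = $trusted    # False: users will see certificate warnings
    ChainEndsAtFortiCa  = $resigned   # False with CaInTrustedRoot True: traffic is not being deep-inspected
    PresentedIssuer     = $leaf.Issuer
}
```

If `CaInTrustedRoot` is False the chain cannot be built up to the CA, so compare `PresentedIssuer` with the CA subject by hand in that case.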