ncmath
New Member
July 13, 2022
Question

FortiADC - switching between client ssl profiles

Hi. We are migrating from Citrix NetScaler to FortiADC. On the NetScaler we had client authentication SSL profiles depending on which URL the client accessed, and were able to switch between them depending on what they accessed.

How do we change client SSL profiles dynamically using FortiADC scripting?

Is there a list of internally referenced functions that can be used in the scripts, i.e. LB::, SSL::, VS::...?

On F5 you can do something like this:

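when HTTP_REQUEST {
    # Only the protected URIs require a client certificate
    if {[HTTP::uri] starts_with "/uri1" || [HTTP::uri] starts_with "/uri2"} {
        # Clients listed in NOCERT_IP_LIST are exempt
        if {not [matchclass [IP::remote_addr] equals NOCERT_IP_LIST]} {
            # Drop the cached session so it cannot be resumed without a certificate
            SSL::session invalidate
            SSL::authenticate always
            SSL::authenticate depth 9
            SSL::cert mode require
            # Switch to the client SSL profile that requires a certificate
            set cmd "SSL::profile /Common/require_clientssl"
            eval $cmd
            # Renegotiate so the new settings take effect on this connection
            SSL::renegotiate
            event disable all
        }
    }
}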

1 reply

New Contributor III
July 15, 2022
Hello @ncmath,
 
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
 
Thanks and regards,