SMabille
New Member
April 30, 2017
Question

Fortigate 5.6: NGFW mode: SSL Interception

  • April 30, 2017
  • 1 reply
  • 5086 views

Hi,

Found a massive limitation in 5.6 NGFW mode: you can only configure the SSL Interception profile globally in Settings.

If you have (closed) devices that don't allow adding a trusted root certificate, you can't force them to use a different (SSL Cert Inspection only) profile.

In policy mode: From: Closed device, To: Any, Serv: HTTPS, Allow, SSL: Cert-Inspection.

Enhancement request: Add a "From" exception in the SSL/SSH Profile? (As this would probably be the easiest place to implement it.)
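The per-policy arrangement described in the post (closed devices matched by source address, HTTPS allowed, certificate inspection only) written out as a FortiOS CLI configuration for profile-based (policy) mode. This is an added example, not the poster's or Fortinet's configuration: the address object, subnet, interface names and policy IDs are assumptions, while the two SSL/SSH profile names are the FortiOS defaults.

```text
# Assumption: "closed-devices" groups the hosts that cannot receive a
# trusted root CA; subnet, interfaces and policy IDs are placeholders.
config firewall address
    edit "closed-devices"
        set subnet 192.0.2.0 255.255.255.0
    next
end

config firewall policy
    # Policy 10: closed devices get certificate inspection only (the
    # FortiGate does not re-sign the session, so no CA is needed on them).
    # Policy lookup is top-down, first match wins, so this entry must sit
    # above the general HTTPS policy; if it was created later, reorder with:
    #   move 10 before 20
    edit 10
        set name "closed-devices-https-cert-inspection"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "closed-devices"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set logtraffic all
    next
    # Policy 20: every other internal client keeps full deep inspection,
    # which requires the FortiGate CA to be trusted on those clients.
    edit 20
        set name "managed-clients-https-deep-inspection"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set utm-status enable
        set ssl-ssh-profile "deep-inspection"
        set logtraffic all
    next
end
```

Certificate inspection only reads the server certificate and SNI, so web filtering by category still works on policy 10 without a CA on the closed devices; anything that needs the decrypted payload (AV, IPS on content) only applies on policy 20.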

    1 reply

    hklb
    Visitor III
    April 30, 2017

    Hi,

    Totally agree.

    But I think in policy it's not the best way to do that, because you can have multiple policies from the same source to the same destination, but with a different application control associated.

    IMHO the best way is in the central NAT policy. These policies are not associated with an application/web category, so you are sure you can't have multiple matches.

    Lucas