fortigate SSH inspection - certificate vs deep

Forum|Forum|2 months ago
March 30, 2026
1 reply
166 views

Hello community

, If I use certificate inspection in an SSL/SSH inspection policy, users don’t need to have the certificate installed on their machines for basic URL filtering. However, for blocked pages, will users see the block banner? I assume they won’t. In that case, I would need to install the certificate on their devices, right? If so, does that mean there’s no real benefit to using certificate inspection if you don’t want to install certificates on guest machines? please suggest. basically customer want filtering but with no certifcate install.

AEK

SuperUser

Hi Raj

As it is not applicable to install CA cert on guest hosts, and usually don't need to fully protect them as we do with corporate hosts, then we just use certificate inspection for guests instead of deep inspection.

The result is that we can do around 99% good URL filtering, and we can block unwanted categories, even if the block page is displayed or not.

AEK

Raj_PandeyAuthor

Explorer

yep, that is right, however its a customer ask to have that block page displayed to guest users, i told that without certificate it wont possible, so is that right? or is there a way/

AEK

SuperUser

I hope I'm not wrong but I think it should be displayed but with a certificate warning message on the browser.

AEK

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded