ramunas
Explorer
September 14, 2015
Question

How does SSL inspection work?

Hello,

Until now I was sure that there are 2 possible modes: 1) certificate inspection (inspects the SSL handshake only) and 2) deep inspection (FG terminates the SSL session on the WAN side and encrypts packets with the FG certificate towards the LAN side). Today I'm reading "..Normally Fortigate is used for SSL inspection. It decrypts a copy of a packet in order to scan it, but doesn't actually terminate the SSL session. Instead, it passes along the encrypted packet (if it doesn't violate the security policies)..." - training material "FortiWEB Integrating Front-End SNAT & Load Balancers", page 15.

Hmm... Something new? Have I missed something? A mistake in the material? A new feature which will be in 5.4? ???

What do you think?

BR, Ramunas

    ede_pfau
    SuperUser
    September 14, 2015

    Hmmm... specific to FortiWeb? This description does not have to apply to a FortiGate.

    ramunas
    Author
    Explorer
    September 15, 2015

    It was talking about FortiGate. The topic is "Should you use FortiWEB or FortiGate for SSL offloading?". Maybe it is a mistake. If I understand correctly, the "man in the middle" can't decrypt SSL traffic (at least without a supercomputer).

    BR, Ramunas