Skip to main content
jonlarsen
jonlarsen
New Member
May 14, 2018
Solved

SSL deep inspection client-cert-request

  • May 14, 2018
  • 1 reply
  • 4202 views

I have an SSL inspection profile set to deep-inspection.

What does this option actually do to the SSL handshake? And will the Fortigate still be able to inspect the traffic?

"set client-cert-request bypass"

    Best answer by abelio

    Hi

    By default, those SSL sessions using  "client-certificates"  bypass the SSL inspection.

    You could also control that using inspect or block the traffic

     

    1 reply

    abelio
    SuperUser
    abelioAnswer
    SuperUser
    May 14, 2018

    Hi

    By default, those SSL sessions using  "client-certificates"  bypass the SSL inspection.

    You could also control that using inspect or block the traffic

     

    jonlarsen
    jonlarsenAuthor
    New Member
    May 15, 2018

    Hi :) Okay, I have changed the SSL inspection on HTTPS from 443 to all ports, and this also disabled the bypass setting for client-certificates. I see I can change it in the CLI under "config ssl".

     

    Thanks!

    Terms & ConditionsAccessibility statement