SSL Deep Inspection / Cookbook discrepancies

Forum|Forum|10 years ago
May 13, 2016
1 reply
4878 views

The Fortinet documentation to prevent certificate warnings says, regarding the Deep Inspection Policy,

In this policy, the web categories Health and Wellness, Personal Privacy, and Finance and Banking are excluded from SSL inspection by default. Applications that require unique certificates, such as iTunes and Dropbox, have also been excluded.

However, on my configuration, the Deep Inspection Policy does not have these exceptions enabled. Additionally, the addresses (see screenshot) like "Android," "AppStore," etc., are not in my configuration.

My questions, then, are:

[ol]

Are these Addresses supposed to be included out of the box, and if not, does Fortigate publish the configuration files so I can add them? These addresses are referenced elsewhere, so it would be nice to have them.

Is the Deep Inspection Policy indeed supposed to exclude Dropbox, or is the documentation incorrect?

If the Deep Inspection Policy does not include the Dropbox desktop client, what is the best way to exclude it from scanning (there was another post in the forums that suggested making a new firewall policy, but I don't understand how to only apply it to the Dropbox Desktop Client).[/ol]

Thanks for your help.

Fortigate 60C

v5.2.7,build718

Screen Shot 2016-0__ at 11_54_52 AM.jpg

Baptiste

New Member

Hello,

thoses adresses are manually created (it's an example) : you choose what you want to exempt from DPI

you have to create your own adress list based on what you want/need

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded