Skip to main content
Alpha7
Alpha7
New Member
July 13, 2017
Question

SSL deep scanning/certificate enrollment for BYOD devices

  • July 13, 2017
  • 2 replies
  • 12178 views

Hi

I have a requirement for a school where students should be able to download and install Fortigate SSL deep scanning certificate to their BYOD devices. Has anyone implemented SSL deep scanning for BYOD devices? if so, how did you enroll the Fortigate SSL deep scanning certificate to BYOD devices since they are not in domain?

 

Thanks

    2 replies

    RobertReynolds
    RobertReynolds
    New Member
    July 14, 2017

    When I ran Fortigate's in K-12 BYOD environments we made the certificate available on a pinned topic of the School's Learning Management System (we used Moodle at the time) with instructions for Mac and PC.

     

    At another School we invested in an MDM which allowed us to package up and distribute the certificate easily enough.

     

    FortiConnect at another School allowed us to create a nice .exe package for the Certificate which was then installed as part of the on-boarding process

    I submitted a New Feature Request during the 5.6 firmware beta period around theissue of simplifying the certificate deployment in BYOD environments, which i think was added to the NFR list but not sure if it made any traction internally?

    Alpha7
    Alpha7Author
    New Member
    July 24, 2017
    Hi Rob Thanks for your suggestions. Customer has bought Forticonnect. BYOD devices will be in a specific VLAN. One of the Fortinet SE has told me that I need to use smart connect feature in Forticonnect. Have you redirected the users from Fortigate to Forticonnect to download the certificate? How did you do that? Could you please give more details of integrating Fortigate with Forticonnect and the Forticonnect feature need to be used? Thanks
    Alpha7
    Alpha7Author
    New Member
    July 28, 2017

    Has anyone else got experience on this?

    Wurstsalat
    Wurstsalat
    Explorer
    August 3, 2017

    so while they are not managed you need them to install the certificate itself.

     

    Do you use any "Disclaimer" or Login Site for the students before they can access the Internet? Place a link with short instructions on this site where the People can download the certificate to install it.

    Terms & ConditionsAccessibility statement