SSL inspection

Forum|Forum|7 years ago
August 22, 2018
1 reply
4391 views

Hello all, first post here.

I was wondering with the deep packet inspection (SSL inspection) turned on the certificate added to the firewall, will all my web pages show as secured by my company name. My concern is, what if a user goes to a website that is not secure. Will having this certificate show that the site is secure anyway. A question my coworker asked was "what happens if a user misspells a URL and goes to www.goofle.com?" Is that site going to show as secure?

SSL Inspection

dieter

New Member

SSL-inspection itself does a check on the original certificate, as far as I know.

You can block certificates that are untrusted (= not in firewalls trusted CA list) or invalid.

As for goofle.com (bad example tho because it immediately redirects): if it has a good certificate (https://www.ssllabs.com/ssltest/analyze.html?d=www.goofle.com ), it will show as ok.

That said, it's not ssl-inspection itself that blocks insecure sites/content. It only allows other security profiles (antivirus, application control...) to "see" inside the packets and do a better job.

eksjonathan

New Member

Hi Willcutaflip,

I've configured our SSL deep inspection. When browsing to a site with a problem certificate the Fortigate will use a certificate your clients should not trust, notably the one called Fortinet_CA_Untrusted (see System > Certificates). As a result your web browsers will show a certificate error. Sometimes clients will be able to progress through the warning, on other occasions the Fortigate will block the connection altogether and present a custom error page explaining the certificate is not trusted. This can happen when the remote certificate has expired, among other reasons.

Don't forget to train your users to not click through certificate warnings!

I hope that helps you,

Jonathan

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded