sw2090
SuperUser
January 28, 2025
Question

SSL Inspection is being ignored


Just ran into this issue and wanted to let you know:

If on a policy the security profiles are disabled (which is the Fortinet default if all filters are empty), you are still forced to enter an SSL inspection profile. However, if the profiles are disabled and there is only the SSL inspection profile in the policy, then FortiOS ignores that even though you are forced to enter one! In this constellation a deep inspection or certificate inspection profile will be ignored and no inspection is done at all!

If you enable the security profiles in the policy and add at least one more filter profile besides the SSL inspection one, then SSL inspection will work as set in that profile.

This was reproducible on several models (FGT100F and FGT100E and FGT300E) here with the latest MA release of FOS 7.2.

This can create security issues when one has set only SSL inspection on a policy!

Also, Fortinet, why are you forcing me to add an SSL inspection profile and then ignoring it?!

I also opened a TAC ticket on this...

2 replies

abarushka
Staff
January 28, 2025

Hello,

Reported behavior is documented. Please find the details by following the link below:

"Important Note:

Deep inspection only works if there is at least one Security Profile enabled. Without a Security Profile enabled, deep inspection is not triggered."

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-enable-deep-inspection-and-import-a/ta-p/196840

sw2090
SuperUser
Author
January 28, 2025

That is one line at the very bottom of that document...

Still weird to me that you cannot have DPI on its own on a policy...
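
An added example, not part of the thread and not Fortinet code: a Python check that scans a FortiOS configuration backup for policies in the state discussed above, where an SSL inspection profile is set but no security profile is enabled beside it. The `PROFILE_KEYS` list and the function names are assumptions, and the sample configuration is constructed.

```python
import re

# Keys counted as "security profiles" (assumed list; adjust to your FortiOS version).
PROFILE_KEYS = {"av-profile", "webfilter-profile", "dnsfilter-profile",
                "emailfilter-profile", "ips-sensor", "application-list",
                "file-filter-profile", "waf-profile", "profile-group"}

# Constructed sample in the layout of a FortiOS config backup.
SAMPLE = """
config firewall policy
    edit 1
        set ssl-ssh-profile "deep-inspection"
    next
    edit 2
        set utm-status enable
        set ssl-ssh-profile "deep-inspection"
        set webfilter-profile "default"
    next
    edit 3
        set ssl-ssh-profile "no-inspection"
    next
    edit 4
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
    next
end
"""

def parse_policies(config_text):
    """Return {policy_id: {key: value}} for the 'config firewall policy' block."""
    policies, current, in_block = {}, None, False
    for line in map(str.strip, config_text.splitlines()):
        if line == "config firewall policy":
            in_block = True
        elif in_block and line == "end":
            in_block = False
        elif in_block and (m := re.fullmatch(r"edit (\d+)", line)):
            current = policies.setdefault(int(m.group(1)), {})
        elif in_block and current is not None and (m := re.fullmatch(r"set (\S+) (.+)", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return policies

def ignored_ssl_inspection(config_text):
    """List (policy_id, ssl_profile) where an inspecting SSL profile stands alone:
    utm-status is not enabled, or no other security profile is attached."""
    return [(pid, cfg["ssl-ssh-profile"])
            for pid, cfg in sorted(parse_policies(config_text).items())
            if cfg.get("ssl-ssh-profile", "no-inspection") != "no-inspection"
            and not (cfg.get("utm-status") == "enable" and PROFILE_KEYS & cfg.keys())]
```

Run `ignored_ssl_inspection()` over the text of a configuration backup; each returned policy ID is one to review for a missing security profile.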