train_wreck
New Member
January 12, 2018
Solved

SSL Inspection - policy needed for inbound AND outbound? (30E v5.6)


Hello. I have successfully enabled SSL inspection by creating a new deep inspection policy, then ticking the slider to enable it on the default LAN-WAN policy. Now, every HTTPS site is verified by the default Fortinet certificate.

Do I now need to create a "WAN-LAN" policy and enable SSL inspection there? Or will just having SSL inspection on the LAN-WAN policy be enough? One thing, the device datasheet lists SSL inspection throughput to be 130mbps, but with the above configuration I can still get ~940mbps of WAN-LAN throughput on our AT&T 1G/1G fiber connection....

    tanr
    Answer
    New Member
    January 12, 2018

    If you're not running your own servers you don't need a wan->lan policy, and probably don't want one as it would open up your network to access from the wan!

    The security profiles you set on your lan->wan policies will work on inbound traffic as well, since that will be part of the sessions initiated from your lan.

    train_wreck
    New Member
    January 12, 2018

    Very good, thought this was the case. Thanks