Ralph1973
New Member
November 28, 2014
Solved

ssl offloading configuration


Hello,

Has anyone configured SSL offloading on the FortiGate? I have used the 'cookbook', but it doesn't explain too well how to configure the half-mode SSL server configuration.

I need to decrypt incoming HTTPS and forward this unencrypted to the backend HTTP server.

What I configured:

config firewall policy
set dstaddr "vip-to-webserver"  => 157.52.x.x to 172.16.16.15
set service https
set webcache enable
set webcache-https ssl-server

and:

config wanopt ssl-server
edit webserver1
set ip 172.16.16.15
set port 443
set ssl-mode half
set mapped-port 80
set ssl-cert <webserver certificate>

Please advise.

Thank you in advance,

Kind regards,

Ralph


    Ralph1973 (Author)
    New Member
    November 28, 2014

    Okay this works :)

    The customers' web server didn't reply to http requests on port 80 and therefore it didn't work in the first place.

    Thanks,

    Ralph

    dbarroco (Answer)
    New Member
    November 30, 2014

    You already have it working, but in case you want to read this:

    http://sysmagazine.com/posts/210582/
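
The root cause reported in this thread was a backend that did not answer cleartext HTTP on the mapped port, which half mode depends on. The pre-flight probe below is an added example, not part of the original posts or of any Fortinet tooling; `probe_plain_http` and `start_constructed_listener` are hypothetical names, and the loopback listeners are constructed stand-ins for a backend such as 172.16.16.15:80.

```python
import socket
import threading

def probe_plain_http(host, port=80, timeout=3.0):
    """Send a cleartext HEAD request; return (verdict, detail).

    verdict: "http" (detail = status line), "tls" (listener answered with a
    TLS record, so it expects HTTPS), "refused" (nothing listening),
    "silent" (no reply), or "unknown".
    """
    req = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(req.encode("ascii"))
            data = s.recv(256)
    except ConnectionRefusedError:
        return "refused", f"nothing listening on {host}:{port}"
    except (socket.timeout, ConnectionResetError):
        return "silent", "timed out or connection reset"
    if data.startswith(b"HTTP/"):
        # Some HTTPS listeners answer cleartext with "400 Bad Request":
        # read the status line, not just the verdict.
        return "http", data.split(b"\r\n", 1)[0].decode("latin-1")
    if len(data) >= 2 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls", "TLS alert/handshake record received"
    if not data:
        return "silent", "peer closed without replying"
    return "unknown", repr(data[:16])

def start_constructed_listener(reply):
    """Constructed loopback stand-in for a backend: serves ONE connection."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        srv.close()              # the port is closed again after one client
        with conn:
            conn.recv(1024)
            if reply:
                conn.sendall(reply)
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    samples = {"plain HTTP": b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n",
               "TLS only": b"\x15\x03\x03\x00\x02\x02\x46",  # constructed alert
               "mute": b""}
    for name, reply in samples.items():
        print(name, "->", probe_plain_http("127.0.0.1", start_constructed_listener(reply)))
```

Run `probe_plain_http` against the real server's mapped port from a host on the server-side network; any verdict other than "http" means the backend is not ready to receive the decrypted traffic.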