rlizh
New Member
April 3, 2018
Question

SSL Offloading Test on Fortigate Firewall 100D

Hi all,

 

I am new to Fortinet and would like to ask for advice and help regarding a request to enable SSL Offloading on the FortiGate firewall (100D), which requires tests to confirm the SSL Offloading capability of the firewall.

 

Advice and help are needed! Thank you!

    1 reply

    Markus
    New Member
    April 3, 2018

    Hi,

     

    Welcome to the Forums.

     

    SSL Offloading requires the load balancing feature to be enabled (System --> Feature Visibility --> Loadbalance). You can use the default SSL certificates, but they will generate errors in the browser (I assume for testing it's OK); otherwise you can import your own certificates (System --> Certificates).

    Create one or more virtual servers and one or more policies to allow HTTPS.

    http://help.fortinet.com/...db-ssl-tls-offload.htm

    rlizh (Author)
    New Member
    April 4, 2018

    Hi Markus,

     

    How can I solve the errors the browser generates when using the default SSL certificates? Are the default SSL certificates only for testing purposes? Also, is it a 'must' to configure virtual servers to allow HTTPS connections to the browser?

    Markus
    New Member
    April 4, 2018

    Hi Royston,

    To clarify, do you want Server SSL Offloading (e.g. connections from the Internet to your HTTPS server), or do you want to inspect HTTPS traffic coming from clients to the Internet?

    If you want to inspect client traffic, you don't need a virtual server. For Client Inspection you have to configure UTM with SSL Inspection. Some explanation for Client Inspection: http://cookbook.fortinet.com/preventing-certificate-warnings-54/