Use fortigate packet inspection to decrypt and send decripted data to Fireeye

Question

Hi all.

it's possible to reach how described in subject?

i've to use Fortigate to decrypt https data and send decrypted data to FireEye to analyze and than re-encrypt.

"client" <--> lan <--> fortinet <--> decrypted data <--> fireeye <--> encrypted data <--> internet.

how can i reach this?

thanks

romanr · Answer

Hi,

you can use the new feature of 5.4 to send the unencrypted stream to a configured interface.

Fireeye will see the unencrypted traffic then - but will not interact with the traffic itself!!

Mirroring of traffic decrypted by SSL inspection (275458) This feature sends a copy of traffic decrypted by SSL inspection to one or more FortiGate interfaces so that it can be collected by raw packet capture tool for archiving and analysis. This feature is available if the inspection mode is set to flow-based. Use the following command to enable this feature in a policy. The following command sends all traffic decrypted by the policy to the FortiGate port1 and port2 interfaces. conf firewall policy edit 1 set ssl-mirror enable/disable set ssl-mirror-intf port1 port2 next

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded