Help
Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

SeVe
New Contributor

Created on ‎02-07-2020 07:33 AM

TLS 1.3 and Kerberos vs. TS-Agent

Hi everyone,

currently i have to figure out 2 things for a customer.

1. Is it possible to inspect TLS 1.3 traffic for anti-virus and url-filter with the fortigate? Flow-based, proxy-based or only explicit-proxy?
2. I read that fortigate can do kerberos authentification when using the explicit proxy. Does anybody know if it works well for terminal servers or should i use the TS-Agent?

Can anybody answer 1 one or both questions?

Thank you. Best regards.


Sebastian Vey | DRAI Consult
E-Mail: s.vey@draiconsult.de
DRAI Consult GmbH & Co. KG
Sebastian Vey | DRAI ConsultE-Mail: s.vey@draiconsult.deDRAI Consult GmbH & Co. KG
Labels:
600
0 Kudos
1 Solution
HupfRudo
New Contributor

Created on ‎04-15-2020 05:33 AM

Hello

to 1. it works with SSL VPN
https://docs.fortinet.com/document/fortigate/6.2.0/new-features/35927/tls-1-3-support
As SSL Server
https://kb.fortinet.com/kb/documentLink.do?externalID=FD47746 
SSL inspection should work, from the perspective of the technic..
  • URL Filtering, along the SSL Inspections resolves the TLS Header and content is visible and able to process.
  • Anti-Virus should work, in the same manner, the architecture of the Forti OS Software don't need any additional configuration.

View solution in original post

579
0 Kudos
1 REPLY 1
HupfRudo
New Contributor

Created on ‎04-15-2020 05:33 AM

Hello

to 1. it works with SSL VPN
https://docs.fortinet.com/document/fortigate/6.2.0/new-features/35927/tls-1-3-support
As SSL Server
https://kb.fortinet.com/kb/documentLink.do?externalID=FD47746 
SSL inspection should work, from the perspective of the technic..
  • URL Filtering, along the SSL Inspections resolves the TLS Header and content is visible and able to process.
  • Anti-Virus should work, in the same manner, the architecture of the Forti OS Software don't need any additional configuration.
580
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.