FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article explains how to configure the exemption of Windows updates from SSL inspection.

Refer to the related article for earlier FortiOS versions.

FortiOS v5.2.

This can be configured through the FortiGate GUI.

  •  Go to Policy & Objects > Objects > Addresses > create address objects of type FQDN for each domain.

  • Verify the FQDN address object status by running following CLI command;

# diagnose firewall fqdn list

Example :

# diagnose firewall fqdn list
List all FQDN: ID(255) REF(1) ADDR( ADDR( ADDR( ADDR(

  • Go to Policy & Objects > Policy > SSL/SSH Inspection > select Full SSL Inspection Profile > under "Exempt from SSL Inspection" add the Addresses that were previously entered in step 1.

Related Articles

Technical Note : FortiOS How to use SSL exemption for Microsoft Windows Updates