mpankovski_FTNT
Description
This article explains how to configure the exemption of Windows updates from SSL inspection.

Refer to the related article for earlier FortiOS versions.

Scope
FortiOS v5.2.

Solution
This can be configured through the FortiGate GUI.

  • Go to Policy & Objects > Objects > Addresses and create an address object of type FQDN for each domain.

  • Verify the FQDN address object status by running the following CLI command:

# diagnose firewall fqdn list

Example:

# diagnose firewall fqdn list
List all FQDN:
windowsupdate.microsoft.com: ID(255) REF(1) ADDR(191.232.80.55) ADDR(65.55.50.157) ADDR(65.55.50.158) ADDR(65.55.50.189)

  • Go to Policy & Objects > Policy > SSL/SSH Inspection, select the Full SSL Inspection profile and, under "Exempt from SSL Inspection", add the address objects that were created in step 1.
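The verification step above can be scripted when there are many FQDN objects. The following is an added example, not part of the original article or Fortinet tooling: it parses saved `diagnose firewall fqdn list` output and reports which expected domains are listed with addresses. The second sample entry and the domain names other than windowsupdate.microsoft.com are constructed, and treating an entry without ADDR fields as unresolved is an assumption.

```python
import ipaddress
import re

# Constructed sample in the format shown above. The first entry is the article's
# own example; the second (no ADDR fields) is made up to show the failure case.
SAMPLE_OUTPUT = """\
List all FQDN:
windowsupdate.microsoft.com: ID(255) REF(1) ADDR(191.232.80.55) ADDR(65.55.50.157) ADDR(65.55.50.158) ADDR(65.55.50.189)
updates.example.com: ID(12) REF(1)
"""

ENTRY_RE = re.compile(r"^(?P<fqdn>\S+): ID\((?P<id>\d+)\) REF\((?P<ref>\d+)\)(?P<rest>.*)$")
ADDR_RE = re.compile(r"ADDR\(([^)]+)\)")


def parse_fqdn_list(text):
    """Return {fqdn: {"id": int, "ref": int, "addrs": [ip, ...]}} from the CLI output."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header line, echoed command, blank lines
        addrs = []
        for raw in ADDR_RE.findall(m.group("rest")):
            try:
                addrs.append(str(ipaddress.ip_address(raw.strip())))
            except ValueError:
                pass  # skip anything that is not a valid IP literal
        entries[m.group("fqdn").lower()] = {
            "id": int(m.group("id")), "ref": int(m.group("ref")), "addrs": addrs}
    return entries


def check_exempt_objects(text, expected_fqdns):
    """Map each expected FQDN to 'ok', 'unresolved' (no ADDR) or 'missing' (not listed)."""
    entries = parse_fqdn_list(text)
    result = {}
    for fqdn in expected_fqdns:
        entry = entries.get(fqdn.lower())
        if entry is None:
            result[fqdn] = "missing"
        else:
            result[fqdn] = "ok" if entry["addrs"] else "unresolved"
    return result


if __name__ == "__main__":
    wanted = ["windowsupdate.microsoft.com", "updates.example.com", "absent.example.com"]
    for fqdn, status in check_exempt_objects(SAMPLE_OUTPUT, wanted).items():
        print(f"{status:10} {fqdn}")
```

Domains reported as `missing` or `unresolved` should be corrected before relying on the exemption list.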


Related Articles

Technical Note : FortiOS How to use SSL exemption for Microsoft Windows Updates
