Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
rphulekar
Staff
Staff

Created on ‎04-20-2015 07:50 AM Edited on ‎05-25-2022 02:42 PM By Anonymous

Article Id 191778

Technical Note: SSL inspection is enabled by default in 5.2.x

Description

In FortiOS v5.2.x, when any of the UTM/Security profiles (Antivirus, Webfilter etc) are enabled, automatically the ssl inspection is also enabled by default.


Solution

This feature can only be disabled via the CLI (enabled by default):

config firewall policy
edit 2
show
unset ssl-ssh-profile     <------
show
end

For more information please refer to the relevant CLI reference guide.

If there is a need for more than 2 firewall policies with and without ssl-inspection. A new ssl inspection profile can be created and named as "dummy" and use this profile quickly wherever it is needed without going to CLI and disable manually.

Go to > Policy > SSL inspection > click on the + mark at the right hand side > Name = dummy> choose Full inspection > disable all or some protocols e,g, HTTPS, SMTPS etc > click OK to Save the changes. (So, This profile will be dummy and will not make any port scanning).

Now go to the Firewall policy and use this new ssl inspection profile wherever it is needed.
 

 

Labels:
2041
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.