Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
nkojha
Staff
Staff

Created on ‎09-17-2019 01:14 AM Edited on ‎12-04-2025 06:40 AM By Community Manager

Article Id 196360

Technical Tip: Custom Full Inspection with Inspect All ports

Description

 

This article describes how to configure the SSL/SSH Inspection profile to inspect traffic on all ports.
By default, the deep-inspection profile will not inspect all ports, and some traffic might not be inspected completely.

Scope

 

FortiGate v7.0+.

Solution

 

  1. Clone the deep-inspection profile. Under Security Profiles -> SSL/SSH Inspection, 'right-click' on deep-inspection and select 'Clone'. Provide a new name, for example 'Clone of deep-inspection', and select OK to save. 

Screenshot 2025-12-03 153454.png

 

  1. Edit the 'Clone of deep-inspection' profile, enable 'Inspect All Ports', and select OK.
 
Screenshot 2025-12-03 153958.png

 

  1. Under Policy & Objects -> Firewall Policy, select the corresponding firewall policy and select 'Edit'. Change 'SSL Inspection' to 'Clone of deep-inspection' and select OK to save. 

Screenshot 2025-12-03 154343.png

 

To enable 'Inspect All Ports' in the CLI: 

 

config firewall ssl-ssh-profile

    edit "Clone of deep-inspection"

        config ssl

            set inspect-all deep-inspection
        end

    next

end

4240
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.