FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes how to use custom certificate for error /
block page when using explicit proxy.
Solution CLI configuration.
# config web-proxy global set ssl-cert "Fortinet_Factory" set ssl-ca-cert "Fortinet_CA_SSL" <----- Replace this certificate with certificate. set fast-policy-match enable end
The certificate used for block page, has the CA flag set to ‘True’ as the FortiGate tries to intercept the traffic with a replacement message. If the CSR is not generated on the FortiGate, certificate is imported along with the private key to FortiGate.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.