Created on 08-25-2024 10:47 PM Edited on 08-26-2024 02:05 AM By Jean-Philippe_P
Description | This article explains how to implement SSL Deep Inspection on an IPv6 Policy when proxy UTMs are applied in a policy. |
Scope | All supported versions of FortiOS. |
Solution |
This example assumes a user is attempting to implement SSL deep inspection on an IPv6 policy.
When SSL deep inspection is enabled on a FortiGate, the device acts as an intermediary between the user and the server. The FortiGate first intercepts the SSL/TLS traffic coming from the user. It then decrypts this traffic using its certificate, allowing the content to be thoroughly inspected by various security profiles such as Intrusion Prevention System (IPS), Antivirus, and Web Filtering.
Once the inspection is complete, the traffic is re-encrypted and sent to the server. To avoid SSL certificate warnings, it is necessary to install the FortiGate certificate on client devices.
IPv6 policies require specific care when deep inspection is applied. To ensure that SSL deep inspection functions correctly and that the FortiGate certificate is visible to users, administrators should not use the 'inspect all ports' setting in the protocol port mapping configuration. Instead, when proxy mode is used, configure SSL inspection on custom ports.
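The following FortiOS CLI fragment is an added illustration, not configuration taken from the original article: it shows a profile using 'inspect all ports' beside one that inspects HTTPS on custom ports, then attaches the second to a proxy-mode policy. The profile names, the port list and the `<policy-id>` placeholder are assumptions, and the `#` lines are annotations for the reader.

```fortios
config firewall ssl-ssh-profile
    # Setting the article advises against for proxy-mode IPv6 policies:
    # deep inspection applied to all ports.
    edit "deep-all-ports"
        config ssl
            set inspect-all deep-inspection
        end
    next
    # Recommended form: 'inspect all ports' disabled, HTTPS deep
    # inspection mapped to explicit ports (443 and 8443 are sample values).
    edit "deep-custom-ports"
        config ssl
            set inspect-all disable
        end
        config https
            set ports 443 8443
            set status deep-inspection
        end
    next
end

config firewall policy
    # <policy-id> stands for the existing IPv6 policy that carries
    # the proxy-based UTM profiles.
    edit <policy-id>
        set inspection-mode proxy
        set ssl-ssh-profile "deep-custom-ports"
    next
end
```

After applying the change, browse to an HTTPS site from an IPv6 client and confirm that the certificate issuer shown is the FortiGate CA rather than the site's original issuer.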
|