Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Adrian_Buckley_FTNT
Staff
Staff

Created on ‎02-16-2010 05:39 PM Edited on ‎04-08-2022 11:31 AM By Anonymous

Article Id 193720

Technical Tip : FortiGate Intercepts POP3S, SMTPS and IMAPS certificates

Purpose

This article describes a situation that can be encountered when using a protection profile on encrypted email traffic.

In 4.0, on devices that support SSL Deep inspection, there are options for POP3S, IMAPS and SMTPS protocols.  These protocols are similar to HTTPS, in that communications are initiated with an SSL Certificate.

With a protection profile in place the certificate can look like if it was signed by Fortinet.  This is expected behavior if the unit is supposed to inspect the traffic. 

The only way this can be done is to man-in-the-middle the traffic.

This is also the default behavior of a protection profile.  Sometimes this behavior needs to be disabled.


Scope
FortiOS v4.0 and above, on devices that support SSL Deep Inspection.
Expectations, Requirements

The following CLI settings can be used to disable the proxies
config firewall profile
edit "(profile name)"
set imaps fragmail no-content-summary
set smpts fragmail no-content-summary
set pop3s fragmail no-content-summary
end
Labels:
11796
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.