Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
bpriya
Staff & Editor
Staff & Editor

Created on ‎11-29-2021 03:54 AM Edited on ‎10-25-2024 07:04 AM By Moderator

Article Id 199851

Technical Tip: How to change SSL Inspection from certificate-inspection to no-inspection

Description This article describes how to change the SSL Inspection profile from certificate-inspection to no-inspection in a firewall policy from 6.2.0 if the Security Profiles are enabled.
Scope

FortiGate.
Solution

In the Security Profiles section, if no security profiles are enabled, the default SSL Inspection is 'no-inspection'.

 

bpriya_0-1638184678537.png

 

If any security profile is enabled, it will not be possible to select 'no-inspection' as it will not appear in the list.

 

ssl inspection.PNG

 

In order to change from 'certificate-inspection' to 'no-inspection', it is necessary to disable all security profiles in the policy.

 

To change the SSL Inspection profile to 'no-inspection' from the CLI, first disable all the security profiles and then set ssl-ssh-profile to no-inspection. 

 

FortiGate-101E (root) # config firewall policy

FortiGate-101E (policy) edit 1

FortiGate-101E (1) set utm-status disable

FortiGate-101E (1) set ssl-ssh-profile no-inspection

FortiGate-101E (1) end

 

Related article: 

Technical Tip: How to disable SSL Inspection
5347
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.