Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
bpriya
Staff
Staff

Created on ‎11-29-2021 03:54 AM Edited on ‎11-29-2021 04:21 AM By Community Manager

Article Id 199851

Technical Tip: How to change SSL inspection from certificate inspection to no-inspection

Description This article describes the it is not possible to SSL inspection from certificate inspection to no-inspection from 6.2.0 if the security profiles are enabled.
Scope

 
Solution

In the Security Profiles section, if no security profiles are enabled, the default SSL Inspection is no-inspection.

 

bpriya_0-1638184678537.png

 

In the Security Profiles section, if any security profile is enable, the SSL Inspection changes to certificate-inspection.

 

bpriya_1-1638184707612.png

 

In order to change from certificate-inspection to no-inspection, it is necessary to disable the security profiles in the policy.

 

To change the SSL-SSH -profile to no-inspection from the CLI first disable all the security profiles and then set SSL-SSH-profile to no-inspection.

 

FortiGate-101E (root) # config firewall policy

FortiGate-101E (policy) edit 1

FortiGate-101E (1) set utm-status disable

FortiGate-101E (1) set ssl-ssh-profile no-inspection
1435
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.