Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
bpriya
Staff
Staff

Created on ‎11-29-2021 03:54 AM Edited on ‎11-29-2021 04:21 AM By Community Manager

Technical Tip: How to change SSL inspection from certificate inspection to no-inspection

Description This article describes the it is not possible to SSL inspection from certificate inspection to no-inspection from 6.2.0 if the security profiles are enabled.
Scope

 
Solution

In the Security Profiles section, if no security profiles are enabled, the default SSL Inspection is no-inspection.

 

bpriya_0-1638184678537.png

 

In the Security Profiles section, if any security profile is enable, the SSL Inspection changes to certificate-inspection.

 

bpriya_1-1638184707612.png

 

In order to change from certificate-inspection to no-inspection, it is necessary to disable the security profiles in the policy.

 

To change the SSL-SSH -profile to no-inspection from the CLI first disable all the security profiles and then set SSL-SSH-profile to no-inspection.

 

FortiGate-101E (root) # config firewall policy

FortiGate-101E (policy) edit 1

FortiGate-101E (1) set utm-status disable

FortiGate-101E (1) set ssl-ssh-profile no-inspection
447
0 Kudos
Contributors

Contact Us