Description | This article describes the it is not possible to SSL inspection from certificate inspection to no-inspection from 6.2.0 if the security profiles are enabled. |
Scope |
|
Solution |
In the Security Profiles section, if no security profiles are enabled, the default SSL Inspection is no-inspection.
In the Security Profiles section, if any security profile is enable, the SSL Inspection changes to certificate-inspection.
In order to change from certificate-inspection to no-inspection, it is necessary to disable the security profiles in the policy.
To change the SSL-SSH -profile to no-inspection from the CLI first disable all the security profiles and then set SSL-SSH-profile to no-inspection.
FortiGate-101E (root) # config firewall policy FortiGate-101E (policy) edit 1 FortiGate-101E (1) set utm-status disable FortiGate-101E (1) set ssl-ssh-profile no-inspection |