Created on
12-30-2014
01:50 PM
Edited on
09-11-2025
10:51 PM
By
Jean-Philippe_P
Description
This article describes the steps to disable SSL/SSH inspection for a specific policy. It will also describe how to disable SSL/SSH inspection using a 'no-inspection' profile.
Scope
Solution
FortiOS v6.2 to v7.6:
The profile named 'no-inspection' that is mentioned below, exists by default and can be used in policies
Alternatively to this profile, consider using the firewall policies the option 'set utm-status disable' in CLI, or disable all security profiles under the firewall policy in the GUI. Once disabled, no-inspection will appear under the options in SSL Inspection.
This will cause the policy to behave like a simple allow/deny policy or access list. No other security can be applied.
Also, consider the exempt list for the particular websites that do not work well with inspection enabled (some domains already included):
FortiOS v5.4 to v6.0:
For the previous FortiOS 5.2 version (no longer supported):
Related article:
Technical Tip: How to change SSL Inspection from certificate-inspection to no-inspection
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.