FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 196840



This article describes how to enable a deep inspection profile in the IPv4 policy and import a certificate in the browser to avoid certificate warnings.







Note: The following steps must be undertaken in flow mode. They will not have the intended results in proxy mode.
To import Fortinet_CA_SSL to the browser:
  1. On the FortiGate, go to Security Profiles -> SSL/SSH Inspection and select 'deep-inspection'.
  2. The default CA Certificate is Fortinet_CA_SSL.
  3. Select 'Download Certificate'.

  1. On the client PC, select the certificate file and select 'Open'.
  2. Select 'Install Certificate' to launch the certificate import wizard and use the wizard to install the certificate into the trusted root certificate authorities store.
cert store.png
If a security warning appears, select 'Yes' to install the certificate.

Install a certificate with trusted root authority only.
The image above explains the steps to enable deep inspection in the IPv4 policy.
These steps are as follows:
  1. On the FortiGate, go to Policy and Objects -> IPv4 Policy and edit the traffic policy.
  2. Under the section 'SSL Inspection', select the created SSL deep inspection profile.
  3. Select Apply or Ok to save the changes.