Description
This article describes how to enable a deep inspection profile in the IPv4 policy and import a certificate in the browser to avoid certificate warnings.
Scope
FortiGate.
Solution
Note: The following steps must be undertaken in flow mode. They will not have the intended results in proxy mode.
To import Fortinet_CA_SSL to the browser:
- On the FortiGate, go to Security Profiles -> SSL/SSH Inspection and select 'deep-inspection'.
- The default CA Certificate is Fortinet_CA_SSL.
- Select 'Download Certificate'.
- On the client PC, select the certificate file and select 'Open'.
- Select 'Install Certificate' to launch the certificate import wizard and use the wizard to install the certificate into the trusted root certificate authorities store.
If a security warning appears, select 'Yes' to install the certificate.
Note:
Install a certificate with trusted root authority only.
The image above explains the steps to enable deep inspection in the IPv4 policy.
These steps are as follows:
- On the FortiGate, go to Policy and Objects -> IPv4 Policy and edit the traffic policy.
- Under the section 'SSL Inspection', select the created SSL deep inspection profile.
- Select Apply or Ok to save the changes.