Description
This article describes how to enable multiple certificates for inbound SSL Inspection.
Example: If there is a Server behing FortiGate and it is needed to allow external users to access different services.
Useful link:
Fortinet documentation:
Related KB: Technical Tip: VIP creation with same External IP and Mapped IP (https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD46010)
Solution
Scenario:
There is a server running different services and it is required to assign multiple certificates.
1) Create a VIP for each service to publish
2) Import each of the certificates to be used and create a new SSH / SSL profile that uses each certificate.
Go to Secuirty Profile -> SSL/SSH Inspection
This article describes how to enable multiple certificates for inbound SSL Inspection.
Example: If there is a Server behing FortiGate and it is needed to allow external users to access different services.
Useful link:
Fortinet documentation:
Related KB: Technical Tip: VIP creation with same External IP and Mapped IP (https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD46010)
Solution
Scenario:
There is a server running different services and it is required to assign multiple certificates.
1) Create a VIP for each service to publish
2) Import each of the certificates to be used and create a new SSH / SSL profile that uses each certificate.
Go to Secuirty Profile -> SSL/SSH Inspection
3) Create a firewall policy that allows access to the servers from the Internet.
4) Apply the corresponding profiles in each firewall policy.. Currently SSh / SSL Inspection profile in the firewall policy on the GUI:
