FortiGate
naveenk
Staff
Description
For troubleshooting purposes it is sometimes necessary to mirror SSL-inspected (decrypted) traffic to a different interface.

This article describes how to 'mirror' SSL inspected traffic.

Solution
It is possible to 'mirror' or send a copy of traffic decrypted by SSL inspection to one or more FortiGate interfaces so that the traffic can be collected by a raw packet capture tool for archiving or analysis.
This feature is available if the inspection mode is set to flow-based.

Caution: Decryption, storage, inspection, and use of decrypted content are subject to local privacy rules.
Use of this feature enables a malicious user with administrative access to the FortiGate to harvest sensitive information that was submitted over an encrypted channel.

In this example, the settings configure the policy to send a copy of all traffic it decrypts to the FortiGate port1 and port2 interfaces. Note that 'edit 0' creates a new policy entry; to add mirroring to an existing policy, use that policy's ID instead.
# config firewall policy
    edit 0
        set ssl-mirror enable
        set ssl-mirror-intf port1 port2
    next
end
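Because the caution above means every policy that mirrors decrypted traffic should be known and reviewed, the following added example (my own script, not part of this article or of FortiOS) parses a FortiOS configuration export and lists the policies with ssl-mirror enabled together with their mirror interfaces. The configuration excerpt embedded in it is constructed, and the function names are assumptions.

```python
import re

# Constructed sample in FortiOS CLI export syntax (not taken from a real device):
# policy 3 mirrors decrypted traffic to port1 and port2, policy 1 does not.
SAMPLE_CONFIG = """\
config firewall policy
    edit 1
        set name "lan-to-wan"
        set srcintf "port3"
        set dstintf "port4"
        set ssl-ssh-profile "deep-inspection"
    next
    edit 3
        set name "mirror-decrypted"
        set srcintf "port3"
        set dstintf "port4"
        set ssl-ssh-profile "deep-inspection"
        set ssl-mirror enable
        set ssl-mirror-intf "port1" "port2"
    next
end
"""

def parse_firewall_policies(config_text):
    """Return {policy_id: {setting: [values]}} for the 'config firewall policy' table."""
    policies, current, in_table = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config firewall policy":
            in_table = True
        elif not in_table:
            continue
        elif line.startswith("edit "):
            current = line.split(None, 1)[1].strip('"')
            policies[current] = {}
        elif line.startswith("set ") and current is not None:
            parts = line.split(None, 2)
            if len(parts) == 3:  # quoted and unquoted values, e.g. "port1" "port2" or enable
                policies[current][parts[1]] = [v.strip('"') for v in re.findall(r'"[^"]*"|\S+', parts[2])]
        elif line == "next":
            current = None
        elif line == "end":
            break
    return policies

def find_ssl_mirror_policies(config_text):
    """List (policy_id, mirror_interfaces) for every policy with ssl-mirror enabled."""
    return [(pid, s.get("ssl-mirror-intf", []))
            for pid, s in parse_firewall_policies(config_text).items()
            if s.get("ssl-mirror") == ["enable"]]

if __name__ == "__main__":
    for pid, intfs in find_ssl_mirror_policies(SAMPLE_CONFIG):
        print(f"policy {pid} mirrors decrypted traffic to: {', '.join(intfs)}")
```

Run it against a full backup (show full-configuration output) to confirm that only the intended policy mirrors decrypted traffic and only to the expected collector interfaces.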
