FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description

For troubleshooting purposes it is necessary to mirror SSL-inspected traffic to a different interface.
This article describes how to 'mirror' SSL inspected traffic.
Solution

It is possible to 'mirror' (send a copy of) traffic decrypted by SSL inspection to one or more FortiGate interfaces so that the traffic can be collected by a raw packet capture tool for archiving or analysis. This feature is available only if the inspection mode is set to flow-based.
Caution: Decryption, storage, inspection, and use of decrypted content are subject to local privacy rules. Use of these features enables malicious users with administrative access to the FortiGate to harvest sensitive information submitted over an encrypted channel.
In this example, the setting enables the policy to send all traffic decrypted by the policy to the FortiGate port1 and port2 interfaces:

config firewall policy
    edit 0
        set ssl-mirror enable
        set ssl-mirror-intf port1 port2
    next
end
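Once the mirror is configured, the traffic arriving on the mirror interface is plaintext, so two checks are worth running on whatever the capture tool collects: confirm that the mirror is actually delivering decrypted payloads (if only TLS records show up, the policy is not inspecting, for example because it is not in flow mode), and mask credential-bearing headers before the capture is archived, given the caution above. The following Python is an added example and not part of the Fortinet article; the packet payloads it works on are constructed for the example and would in practice come from the capture tool's pcap.

```python
"""
Added example (not from the Fortinet article): audit payloads collected on an
ssl-mirror interface. classify_payload() tells TLS records apart from plaintext
HTTP, audit_capture() tallies them so you can see whether decrypted traffic is
present, and scrub_headers() masks credential-bearing HTTP headers so an archived
capture does not retain session tokens. All sample packets are constructed.
"""
import re

# TLS record-layer content types (RFC 5246 / RFC 8446)
TLS_CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                     0x16: "handshake", 0x17: "application_data"}
# Legacy record versions seen on the wire: SSL 3.0 through TLS 1.3 (0x0300..0x0304)
TLS_MINOR_VERSIONS = {0x00, 0x01, 0x02, 0x03, 0x04}
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"PATCH ")


def classify_payload(payload: bytes) -> str:
    """Return 'tls' if the payload begins with a TLS record header, 'http' if it
    looks like a plaintext HTTP request or response line, otherwise 'other'."""
    if (len(payload) >= 5 and payload[0] in TLS_CONTENT_TYPES
            and payload[1] == 0x03 and payload[2] in TLS_MINOR_VERSIONS):
        return "tls"
    if payload.startswith(HTTP_METHODS) or payload.startswith(b"HTTP/1."):
        return "http"
    return "other"


def audit_capture(packets) -> dict:
    """Tally payload classes; 'decrypted_seen' is True when at least one plaintext
    HTTP payload was found, i.e. the ssl-mirror is delivering decrypted traffic."""
    counts = {"tls": 0, "http": 0, "other": 0}
    for payload in packets:
        counts[classify_payload(payload)] += 1
    counts["decrypted_seen"] = counts["http"] > 0
    return counts


# Header names whose values are credentials or session tokens (case-insensitive,
# one header per line; [^\r\n]* stops at the CRLF so line endings survive).
SENSITIVE_HEADERS = re.compile(
    rb"^(authorization|proxy-authorization|cookie|set-cookie):[ \t]*[^\r\n]*",
    re.IGNORECASE | re.MULTILINE)


def scrub_headers(payload: bytes) -> bytes:
    """Replace the value of each sensitive header with a fixed marker, leaving the
    header name and the rest of the message untouched."""
    return SENSITIVE_HEADERS.sub(lambda m: m.group(1) + b": [REDACTED]", payload)


# Constructed sample payloads, as a capture tool on the mirror port might see them.
SAMPLE_PACKETS = [
    # TLS 1.0-versioned record header carrying a ClientHello (still encrypted side)
    b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + b"\x00" * 16,
    # Decrypted HTTP request with a session cookie and a bearer token
    b"GET /login HTTP/1.1\r\nHost: example.test\r\n"
    b"Cookie: session=abc123\r\nAuthorization: Bearer tok\r\n\r\n",
    # Decrypted HTTP response setting a cookie
    b"HTTP/1.1 200 OK\r\nSet-Cookie: session=abc123; HttpOnly\r\nContent-Length: 0\r\n\r\n",
    # Something that is neither
    b"\x00\x01\x02",
]

if __name__ == "__main__":
    print(audit_capture(SAMPLE_PACKETS))
    for p in SAMPLE_PACKETS:
        if classify_payload(p) == "http":
            print(scrub_headers(p).decode("ascii", "replace"))
```

In a real deployment the list would be fed from the pcap written by the capture tool on port1 or port2; the classification is deliberately header-based only, so a capture that shows nothing but 'tls' is a sign to re-check that the policy is flow-based and that ssl-mirror is enabled on the policy that actually matches the traffic.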