jangelis
Staff
Article Id 225289
Description: This article describes the recommended configuration on the FortiGate for an HTTPS Virtual Server with deep inspection.
Scope: FortiGate
Solution

1) Import the server certificate.

Go to System -> Certificates and select Create/Import -> Certificate.

[Screenshot: Import certificate]

 

2) Configure the Virtual Server.

Go to Policy & Objects -> Virtual Servers and select 'Create New'.

[Screenshot: Virtual Server configuration]

Note: Under SSL offloading, select the imported certificate.

 

3) Configure the SSL/SSH inspection profile.

Go to Security Profiles -> SSL/SSH Inspection and select 'Create New'.

[Screenshot: SSL/SSH profile configuration]

Note: Do not enable 'Inspect All Ports'. The port for this setup is already known, and inspecting all ports may lead to performance degradation.

 

4) Configure the policy.

Go to Policy & Objects -> Firewall Policy and select 'Create New'.

[Screenshot: Policy configuration]

Note: Inspection mode must be set to proxy; otherwise the Virtual Server is filtered out of the 'Destination' field.
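
A CLI equivalent of steps 2 to 4, added here as an example; it is not taken from the original article or its screenshots. All object names, interfaces and addresses are placeholders, the certificate from step 1 is assumed to be imported as "web-server-cert", and the real server is assumed to serve plain HTTP behind the SSL offload.

```fortios
# Placeholders throughout: object names, interfaces and IP addresses are constructed.

# Step 2: HTTPS virtual server, SSL offloading with the imported certificate
config firewall vip
    edit "vs-https-example"
        set type server-load-balance
        set server-type https
        set extintf "wan1"
        set extip 203.0.113.10
        set extport 443
        set ssl-certificate "web-server-cert"
        config realservers
            edit 1
                set ip 10.0.10.20
                set port 80
            next
        end
    next
end

# Step 3: deep inspection on the known HTTPS port only (not all ports)
config firewall ssl-ssh-profile
    edit "vs-deep-inspection"
        config https
            set ports 443
            set status deep-inspection
        end
    next
end

# Step 4: proxy-mode policy with the virtual server as destination
config firewall policy
    edit 0
        set name "to-vs-https-example"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "vs-https-example"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set inspection-mode proxy
        set utm-status enable
        set ssl-ssh-profile "vs-deep-inspection"
    next
end
```

After applying, `show firewall policy` should list the new policy with `set inspection-mode proxy`; if the mode is left at flow, the virtual server cannot be selected as the destination.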

 

Related KB article:

Technical Tip: Configure virtual server  
