Description
This article describes which interfaces are supported for SSL mirroring in proxy inspection. A loopback interface is not supported as the mirror interface: using one results in malformed packets in the capture.
Scope
Solution
If no port is available to use, create a dummy VLAN interface and use it as the mirror interface instead, as shown below:

# config system interface
    edit "vlan600"
        set vdom "root"
        set device-identification enable
        set role lan
        set snmp-index 25
        set interface "port9"
        set vlanid 600    <----- Define any VLAN ID that is not used in production.
    next
end

# config firewall decrypted-traffic-mirror
    edit "mirror"
        set interface "vlan600"
    next
end
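
The following is an added example, not part of the original article or any Fortinet tooling: a small audit script that reads a configuration backup and reports any decrypted-traffic-mirror profile that points at a loopback interface. It assumes a single-VDOM backup in which the tables appear at the top level and loopback interfaces carry `set type loopback`; the sample configuration and the names `loop1` and `mirror-bad` are constructed.

```python
import shlex
# Constructed sample of a single-VDOM FortiOS backup (not taken from the article).
SAMPLE_CONFIG = '''
config system interface
    edit "loop1"
        set type loopback
    next
    edit "vlan600"
        set vlanid 600
    next
end
config firewall decrypted-traffic-mirror
    edit "mirror"
        set interface "vlan600"
    next
    edit "mirror-bad"
        set interface "loop1"
    next
end
'''

def parse_tables(text):
    """Return {table: {entry: {setting: [values]}}} for top-level config tables."""
    tables, table, entry, depth = {}, None, None, 0
    for raw in text.splitlines():
        try:
            tok = shlex.split(raw) or [""]
        except ValueError:  # unbalanced quote: line of a multi-line value
            continue
        if tok[0] == "config":
            depth += 1
            if depth == 1:  # nested sub-tables are tracked for depth only
                table, entry = tables.setdefault(" ".join(tok[1:]), {}), None
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            entry = table.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
    return tables

def loopback_mirrors(text):
    """List (mirror profile, interface) pairs where the mirror interface is a loopback."""
    tables = parse_tables(text)
    ifaces = tables.get("system interface", {})
    return [(name, ifname)
            for name, cfg in tables.get("firewall decrypted-traffic-mirror", {}).items()
            for ifname in cfg.get("interface", [])
            if ifaces.get(ifname, {}).get("type") == ["loopback"]]
```

Calling `loopback_mirrors()` on the text of a backup returns an empty list when every mirror profile uses a supported interface.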
Reference KB article SSL-Mirror:
Copyright 2023 Fortinet, Inc. All Rights Reserved.