simonz_FTNT
Staff
Article Id 219843
Description

This article explains which interface types are supported as the destination for SSL mirroring (decrypted traffic mirror) in proxy inspection mode.

Loopback interfaces are not supported: when one is used as the mirror destination, the packets in the capture are malformed, as shown in the screenshot below.

[Screenshot: sslmirror_loopback.JPG]

Scope
Solution

If no physical port is available, use a VLAN interface instead by creating a dummy VLAN interface as shown below:

# config system interface
    edit "vlan600"
        set vdom "root"
        set device-identification enable
        set role lan
        set snmp-index 25
        set interface "port9"
        set vlanid 600   <----- Define any VLAN ID that is not used in production.
    next
end

# config firewall decrypted-traffic-mirror
    edit "mirror"
        set interface "vlan600"
    next
end
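To check the two points above across a whole configuration (no mirror profile points at a loopback interface, and every mirror interface actually exists), the following added example parses a FortiOS CLI dump and audits each decrypted-traffic-mirror entry. It is illustration code written for this article, not Fortinet's; the sample configuration embedded in it is constructed, the parser covers only the `config/edit/set/next/end` grammar shown in this article, and the use of `set type loopback` to recognise a loopback interface is an assumption about how a backup renders such interfaces.

```python
"""Audit FortiOS decrypted-traffic-mirror profiles against the interface table.

Added example, not Fortinet's code. Flags mirror profiles whose interface is a
loopback (unsupported for SSL mirroring, per the article) or is undefined.
Assumption: loopback interfaces carry 'set type loopback' in the config dump.
"""
import shlex

KEYWORDS = {"config", "edit", "set", "next", "end"}


def parse_fortios(text):
    """Parse a FortiOS CLI dump into nested dicts.

    'config X' becomes the key "X"; each 'edit N' becomes key N inside it;
    'set K V...' stores K -> [V...]. A leading '# ' prompt and '<-----'
    annotations (both used in Fortinet KB snippets) are tolerated; lines
    such as 'unset' or '#config-version=' headers are skipped.
    """
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.split("<--", 1)[0].strip().lstrip("#").strip()
        if not line:
            continue
        try:
            tokens = shlex.split(line)
        except ValueError:  # unbalanced quote in a header line; ignore
            continue
        cmd, args = tokens[0], tokens[1:]
        if cmd not in KEYWORDS:
            continue
        if cmd == "config":
            stack.append(stack[-1].setdefault(" ".join(args), {}))
        elif cmd == "edit":
            stack.append(stack[-1].setdefault(args[0], {}))
        elif cmd == "set":
            stack[-1][args[0]] = args[1:]
        elif len(stack) > 1:  # next / end close the current edit / config block
            stack.pop()
    return root


def audit_mirror_interfaces(config_text):
    """Return (mirror_name, interface_name, verdict) for every mirror profile."""
    cfg = parse_fortios(config_text)
    interfaces = cfg.get("system interface", {})
    mirrors = cfg.get("firewall decrypted-traffic-mirror", {})
    findings = []
    for name, settings in mirrors.items():
        iface_name = (settings.get("interface") or [None])[0]
        iface = interfaces.get(iface_name)
        if iface is None:
            verdict = "missing: interface not defined"
        elif iface.get("type", ["physical"])[0] == "loopback":
            verdict = "unsupported: loopback interface"
        elif "vlanid" in iface:
            verdict = f"ok: VLAN {iface['vlanid'][0]} on {iface['interface'][0]}"
        else:
            verdict = "ok: physical interface"
        findings.append((name, iface_name, verdict))
    return findings


# Constructed sample: one dummy VLAN (as in the article), one loopback,
# and three mirror profiles exercising the good, bad and dangling cases.
SAMPLE_CONFIG = """
config system interface
    edit "port9"
        set vdom "root"
        set type physical
    next
    edit "vlan600"
        set vdom "root"
        set interface "port9"
        set vlanid 600   <----- dummy VLAN, ID unused in production
    next
    edit "lo-mirror"
        set vdom "root"
        set type loopback
    next
end
config firewall decrypted-traffic-mirror
    edit "mirror-bad"
        set interface "lo-mirror"
    next
    edit "mirror-ok"
        set interface "vlan600"
    next
    edit "mirror-dangling"
        set interface "vlan601"
    next
end
"""

if __name__ == "__main__":
    for mirror, iface, verdict in audit_mirror_interfaces(SAMPLE_CONFIG):
        print(f"{mirror:16} -> {iface or '<none>':10} {verdict}")
```

Run it against a saved `show full-configuration` output instead of `SAMPLE_CONFIG` to check a real unit. The audit confirms the interface type only; whether the chosen VLAN ID is genuinely unused on the trunk behind the port is still something to verify on the switch side.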

Related KB article on SSL mirroring:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Support-SSL-mirroring-in-proxy-mode/ta-p/1...