Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
epinheiro
Staff
Staff

Created on ‎01-21-2026 02:42 AM

Article Id 427239

Technical Tip: Unable to deep inspect Microsoft Copilot AI prompts

Description This article describes how to perform Deep Packet Inspection (DPI) on generative AI applications.
Scope FortiGate, Deep Inspection, Generative AI Prompts.
Solution

FortiGate is capable of performing deep packet inspection (DPI) on traffic destined for major AI applications, including, but not limited to: ChatGPT, Gemini, and Copilot

 

However, a specific configuration is required to ensure inspection works correctly for Microsoft destinations.

 

Beyond applying the Application Control profile that allows or monitors the Generative AI category or application required, it is necessary to disable the certificate exemption, which is often enabled by default for Microsoft domains, to inspect this traffic successfully. This is achieved by creating a Custom Deep Inspection Profile, removing the 'Microsoft' FQDN, and applying the custom SSL inspection profile to the firewall policy:

Microsoft Destination.png

 

Firewall policy sample:

 

Firewall policy.png

 

To check the logs: Security Events -> Logs -> Application Control:
 

Security Event Logs.png

 

Some applications display this information under Application Details, as shown above, while others require select it to view the necessary details:

 

Copilot Prompt.png
56
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.