FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article explains the cause of an issue where, after adding an exemption for a specific website, FortiGate produces errors about certificate issues when the website is using an untrusted certificate.
When using SSL exemptions, Fortigate will ONLY exempt the content of the selected flows from inspection. SSL exemption excludes the session from being 'deep scanned', and UTM inspection would be disabled.
However, checks for trusted or untrusted certificates against SNI or CN are still performed because this happens during the SSL negotiation stage. As a result, the settings are separated in two configuration menus:
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.