Help
FortiProxy
FortiProxy provides enterprise-class protection against internet-borne threats and Advanced Web Content Caching
dingjerry_FTNT
Staff
Staff

Created on ‎02-09-2025 10:21 PM Edited on ‎02-09-2025 10:24 PM By Staff

Article Id 375407

Technical Tip: Explanation of 'Inspect All' in SSL/SSH inspection profile

Description This article explains the behavior of 'Inspect All' in an SSL/SSH inspection profile.
Scope FortiProxy.
Solution

When creating or editing an SSL/SSH inspection profile, there is an option called 'Inspect All'.

 

Inspect-all.png

 
  • Full SSL Inspection: Performs complete deep inspection of detected SSL traffic.
  • SSL Certificate Inspection: Only inspects SSL certificates.
  • Disable (Default): Disables the inspect-all mechanism, and relies only on port matching (the 'Protocol Port Mapping' list).

 

For example, if the traffic is detected as HTTPS traffic with port 443, it matches one port in the 'Protocol Port Mapping' list, so the method in the 'Inspection Method' will be used to inspect the traffic.

 

If the traffic is detected as HTTPS traffic with port 444 which is not on the 'Protocol Port Mapping' list:

  • If 'Disable' is selected, FortiProxy will bypass the traffic with no SSL inspection.
  • If either 'Full SSL Inspection' or 'SSL Certificate Inspection' is selected, FortiProxy performs the level of SSL Inspection respectively on this port-444 HTTPS traffic.
588
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.