FortiSASE
btan
Staff
Article Id 302617
Description

This article explains the 'Force Certificate Inspection' option in FortiSASE Firewall Policy.

Scope

FortiSASE Firewall Policy Configuration.

Solution

Once this option is enabled, the firewall policy uses 'Certificate Inspection' only and does not perform SSL deep inspection, even when SSL deep inspection is defined in the Profile Group.

The following features will not work if 'Force Certificate Inspection' is ticked in the firewall policy:

  • Split DNS.
  • Web Filter with Inline-CASB.
  • Safe Search in Web Filter.
  • File Filter.
  • DNS filter.
  • Application Control with Inline-CASB.

If any of the above features are in use, do not tick 'Force Certificate Inspection' in the firewall policy.
This option can be ticked to bypass deep inspection for certain security-sensitive traffic, for example banking or financial sites (banking websites may not allow deep inspection).
