Help
FortiSASE
FortiSASE delivers both a consistent security posture and an optimal user experience for users working from anywhere. Secure your hybrid workforce by closing security gaps, plus simplify operations.
btan
Staff & Editor
Staff & Editor

Created on ‎03-06-2024 10:22 PM Edited on ‎07-07-2025 01:40 AM By Community Manager

Article Id 302617

Technical Tip: 'Force Certificate Inspection' explanation in FortiSASE Firewall Policy

Description

 

This article explains the 'Force Certificate Inspection' option in FortiSASE Firewall Policy.

 

Scope

 

FortiSASE Firewall Policy Configuration.

 

Solution

 

kb-force1.PNG
Once this option is enabled, the Firewall policy will use 'Certificate Inspection' only and will not perform SSL Deep Inspection, even when SSL deep inspection is defined in Profile Group.

Below features will require SSL Deep Inspection to inspect traffic:

  • Split DNS.
  • Web Filter with Inline-CASB.
  • Safe Search in Web Filter.
  • File Filter.
  • DNS filter.
  • Application Control with Inline-CASB.

If using the above features, do not tick 'Force Certificate Inspection' in the Firewall policy.
This option can be ticked to surpass deep inspection for certain security-intensive traffic. For example, banking or financial sites (Banking websites may not allow deep inspection).

Note:

FortiGuard category-based Web Filter will still function when 'Force Certificate Inspection' is enabled.

2477
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.