Fortinet Forum
ncmath
New Contributor

FortiADC - switching between client ssl profiles

Hi. We are migrating from Citrix NetScaler to FortiADC. On the NetScaler we had client authentication SSL profiles depending on which URL the client accessed, and were able to switch between them depending on what they accessed.

How do we change Client SSL profiles dynamically using FortiADC scripting?

Is there a list of internal referenced functions that can be used in the scripts? I.e. LB::, SSL::, VS::, ...

On F5 you can do something like this:

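when HTTP_REQUEST {
    # Only the listed URI prefixes require a client certificate
    if {[HTTP::uri] starts_with "/uri1" || [HTTP::uri] starts_with "/uri2"} {
        # Skip clients whose address is in the NOCERT_IP_LIST data group
        if {not [matchclass [IP::remote_addr] equals NOCERT_IP_LIST]} {
            # Invalidate the current SSL session so it cannot be resumed
            SSL::session invalidate
            SSL::authenticate always
            SSL::authenticate depth 9
            SSL::cert mode require
            # Switch to the client SSL profile that requires a certificate
            set cmd "SSL::profile /Common/require_clientssl"
            eval $cmd
            # Renegotiate so the new settings take effect on this connection
            SSL::renegotiate
            event disable all
        }
    }
}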

Aashiq_Z
Moderator

Hello @ncmath ,
 
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
 
Thanks and regards,
Aashiq Zainulabdeen