Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Paddy
New Contributor

SSL Deep Inspection Discussion

I know that I can check the certificate when I am browsing and see it's secured by the Fortinet certificate.   I am mostly interested in seeing, for my own eyes, that its working for my Outlook POP3, IMAP SSL connections as well.   I have combed through the logs and do not see anything within the log that it says SSL deep packet inspection is turned on.    This can be that hard to show that it's working and make it part of the selling point of the UTM bundle. 

 

Thoughts?

2 REPLIES 2
TecnetRuss
Contributor

This doesn't directly answer your specific question, but the way I demonstrate the value of DPI is to set up an Internet access policy with AV enabled and show that with DPI enabled the FortiGate blocks any attempt to download the EICAR antivirus test file over HTTPS.  When you flip the policy to normal certificate inspection the EICAR file isn't blocked over HTTPS.  This is also a good sanity check to make sure that DPI is properly protecting clients.

 

Russ

NSE7

Paddy

Thanks!  Good idea!

Labels
Top Kudoed Authors