ykonstantakopoulos
New Contributor III

SSL offloading/STARTTLS port 587

Hello,

We need to inspect SSL/TLS traffic for inbound connections to an internal Exchange server. We were instructed by Fortinet that we can do this only by using SSL offloading. We are using the server load balancing feature in order to offload SSL, and we are able to inspect HTTPS and IMAPS. But we are also using STARTTLS on port 587 for SMTP, and we are really stuck on how we can inspect this traffic.

When creating the virtual server, if we use SSL or SMTPS on port 587, we have the option to tell the FortiGate to use the Exchange server's certificate, but as the external clients use STARTTLS over SMTP, the traffic is then broken. If we use TCP on port 587 on the virtual server object, we have no option to select the Exchange server's certificate. Of course, in that case external clients connecting to the Exchange server are able to send emails, but obviously we don't do any inspection of the traffic once it is switched to TLS/SSL.

Any ideas? Thanks in advance for any help.

Is there a way to do SSL offloading when using STARTTLS (port 587) on an Exchange server?
abarushka
Staff

Hello,

 

SSL offloading in case of virtual server and STARTTLS is currently not supported.
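
The following is an added example, not part of the thread and not FortiGate code. It models the two behaviours described in the question: what a TCP pass-through device can still read on a port 587 STARTTLS session, and why a listener that expects TLS from the first byte does not match a STARTTLS client. The session data and hostnames are constructed.

```python
# Constructed capture of one port-587 session, in order. Not real traffic.
# "S" = server to client, "C" = client to server.
SAMPLE_SESSION = [
    ("S", b"220 mail.example.test ESMTP\r\n"),
    ("C", b"EHLO client.example.test\r\n"),
    ("S", b"250-mail.example.test\r\n250-STARTTLS\r\n250 AUTH LOGIN\r\n"),
    ("C", b"STARTTLS\r\n"),
    ("S", b"220 2.0.0 Ready to start TLS\r\n"),
    ("C", b"\x16\x03\x01\x00\x05hello"),  # TLS handshake record (truncated)
    ("S", b"\x16\x03\x03\x00\x05hello"),  # TLS handshake record (truncated)
    ("C", b"\x17\x03\x03\x00\x04data"),   # TLS application data (MAIL/RCPT/DATA)
]

TLS_CONTENT_TYPES = (0x14, 0x15, 0x16, 0x17)  # ccs, alert, handshake, app data


def is_tls_record(payload: bytes) -> bool:
    """True if the payload starts like a TLS record header (type, major version 3)."""
    return len(payload) >= 3 and payload[0] in TLS_CONTENT_TYPES and payload[1] == 0x03


def split_visibility(session):
    """Return (cleartext client commands, count of opaque segments) as seen by a
    device that forwards TCP without terminating TLS."""
    visible, opaque = [], 0
    upgrade_requested = upgraded = False
    for direction, payload in session:
        if upgraded or is_tls_record(payload):
            upgraded = True
            opaque += 1
            continue
        line = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
        if direction == "C":
            visible.append(line)
            upgrade_requested = line.upper() == "STARTTLS"
        elif upgrade_requested and line.startswith("220"):
            upgraded = True  # server accepted STARTTLS; TLS follows on the same socket
    return visible, opaque


def implicit_tls_listener_matches(session) -> bool:
    """A listener that terminates TLS immediately expects the client's first
    bytes to be a TLS record; a STARTTLS client sends cleartext SMTP instead."""
    first_client = next((p for d, p in session if d == "C"), b"")
    return is_tls_record(first_client)
```

On the sample session only `EHLO` and `STARTTLS` are readable; the envelope, authentication and message body sit inside the TLS records that follow.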
