Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Chris
Contributor

Created on ‎12-23-2015 06:54 PM

(solved) FGT60D V 5.2.5 capable to scan antivirus in https?

Is the FGT60D V 5.2.5 capable to scan antivirus in https? I don't see any hints in the Antivirus Profile which point this out. When i take Proxy mode i see only the standard protocols but no https for example. In other words how can I see if FGT 60D can ssl-deep scan?

Labels:
6773
0 Kudos
1 Solution
localhost
Contributor III

Created on ‎12-24-2015 12:30 AM

I think you are mixing up SSL Certificate Inspection and Full SSL Inspection.

SSL Certificate inspecition only looks at the Common Name of the certificate and uses this value to lookup the website category.

Full SSL inspection is acting as a man-in-the-middle proxy and analyzes the datastream.

 

Enable both a full ssl inspection profile and the antivirus profile on the outgoing policy and you should be able to catch the eicar https test file.

View solution in original post

2632
0 Kudos
4 REPLIES 4
neonbit
Valued Contributor

Created on ‎12-23-2015 07:03 PM

Yes you certainly can.

 

This cookbook video quickly goes through howto enable this: https://www.youtube.com/watch?v=LemxyQ2Efg0

 

2594
0 Kudos
Chris
Contributor

Created on ‎12-23-2015 07:35 PM

Hi Neobit,

thanks for the link but thats not exactly what I mean.

SSL-Inspection exists und is preselected with the default certificate from Fortinet.

 

But have a look at the attached picture.

I am missing the secured protocols like https.

 

The fact is when I download the Eicar Testfile with https nothing happens.

So i am not sure if the FGT60D be able to can scan https traffic?

 

May be i am mixed up ssl-deep scan with antivirus https scan.

 

Preview file
27 KB
2594
0 Kudos
localhost
Contributor III

Created on ‎12-24-2015 12:30 AM

I think you are mixing up SSL Certificate Inspection and Full SSL Inspection.

SSL Certificate inspecition only looks at the Common Name of the certificate and uses this value to lookup the website category.

Full SSL inspection is acting as a man-in-the-middle proxy and analyzes the datastream.

 

Enable both a full ssl inspection profile and the antivirus profile on the outgoing policy and you should be able to catch the eicar https test file.

2633
0 Kudos
Chris
Contributor
In response to localhost

Created on ‎12-25-2015 09:56 AM

Hi localhost, thanks for the helpful hint. You are absolutely right. If I select deep Inspection antivirus scans also the file inside https. In this case it is neccessary to import the proxy certificate otherwise the browser will not accept any ssl connections. Many thanks and merry christmas.

2594
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.