I am trying to decrypt SSL traffic for analysis using the setting "ssl-mirror" under the policy. This is on a 60D running 5.4.4 and I am capturing traffic between internal1 and wan1, and mirroring it to internal7. Internal1 is in a virtual-switch.
It appears to be working, but Wireshark is not seeing the traffic. I disabled any local firewalls and ensured that interfaces are being put into promiscuous mode. Running 'diag packet sniffer' while HTTPS traffic hits the policy, I do see the traffic on the console, and if I convert the output using fgt2eth.exe it is the traffic in question. And the Tx counters on the interface are incrementing.
But for some weird reason Wireshark is not seeing it all.
Curious if anyone is using ssl-mirror and if they got it to work, and if there are any special considerations.
Fortinet TAC got back to me. The ssl-mirror feature is currently broken. Their bug ID is 0408993 and they have confirmed that regardless of the machine used, it never actually receives the traffic.
Copyright 2024 Fortinet, Inc. All Rights Reserved.