Hi Community, a short question maybe a short answer?
I know the difference between Deep Inspection and Certificate Inspection. But I've struggled on a customers question:
How the Fortigate is able to detect a specific Application Signature (i.e. Whats App Web instead of Whats App Messaging) if I only use Certificate Inspection? The Packets are both encrypted in SSL at Port 443 and if I understand it right, Certificate Inspection only checks the CN in the Certificate? But if I use FortiView I'm able to see which Application is used by the User.
How they do that? The traffic is encrypted and the system shouldn't be able to "see", which Application Signature the packages are contains?
Thanx for any thoughts on this...
FCNSA 5, FCNSP 5, NSE 4
how exactly can only Fortinet say, but i can think of some ways.
application control doesnt only check certificate CNs, but use more things like ports, IPs, ...
but even when looking at the CN it is probably different between both those two, your browser goes to web.whatsapp.com but your phone with probably go to somethingelse.whatsapp.com
there might be different servers that handle web and phones, so destination IPs can be used.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.