- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Application visible also with Certificate Inspection only?
Hi Community, a short question maybe a short answer?
I know the difference between Deep Inspection and Certificate Inspection. But I've struggled on a customers question:
How the Fortigate is able to detect a specific Application Signature (i.e. Whats App Web instead of Whats App Messaging) if I only use Certificate Inspection? The Packets are both encrypted in SSL at Port 443 and if I understand it right, Certificate Inspection only checks the CN in the Certificate? But if I use FortiView I'm able to see which Application is used by the User.
How they do that? The traffic is encrypted and the system shouldn't be able to "see", which Application Signature the packages are contains?
Thanx for any thoughts on this...
FCNSA 5, FCNSP 5, NSE 4
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
how exactly can only Fortinet say, but i can think of some ways.
application control doesnt only check certificate CNs, but use more things like ports, IPs, ...
but even when looking at the CN it is probably different between both those two, your browser goes to web.whatsapp.com but your phone with probably go to somethingelse.whatsapp.com
there might be different servers that handle web and phones, so destination IPs can be used.
