BADSSL test results with deep inspection enabled

Support Forum

The Forums are a place to find answers on a range of Fortinet products from peers and product experts.

We enabled deep inspection (using the internal Fortigate certificate and the default deep inspection policy) this morning on our FG100D (v5.2.10,build742) and one of our team thought to run a test on BADSSL.com and came back with interesting results where users aren't prompted if they want to continue to the site where for example there is a self-signed or untrusted-root certificate but instead they browse straight to the site, but if only certificate inspection is enabled they are prompted. (tests were in both IE11 and Chrome v58.0.3029.110)

So I am wondering if this behaviour is because when testing against badssl.com and using deep inspection, browsing is allowed to continue without any warnings because deep inspection of the traffic doesn't detect any threats or do I need to\should I configure additional settings in my policies

6145

0 REPLIES 0

Top Kudoed Authors

User

Count

2570

1364

796

651

455

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

BADSSL test results with deep inspection enabled

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website