Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Geert_m
New Contributor

Created on ‎04-03-2024 07:49 AM

Configuring security profiles Fortigate

Hello,

I am planning to configure security profiles in some of the firewall policies that are on my FortiGate. My question about this is, if I need a valid/signed certificate installed on Fortigate and my hosts to inspect all traffic passing the FortiGate in order to inspect all data from packets and block certain traffic because it contains malware etc?

 

How does this work, can someone explain me?

Kind regards,

 

 Geert

2216
0 Kudos
13 REPLIES 13
ozkanaltas
Valued Contributor III
In response to Geert_m

Created on ‎04-04-2024 06:14 AM

Hello @Geert_m ,

 

For example, if you want to use a web filter, you need to use ssl-deep inspection. if the website uses https FortiGate can't see the URL and URI because of that Fortigate can't block these websites. 

 

Or if you want to use app control on FortiGate some signature needs to ssl-deep inspection. You can see these signatures in the application signatures menu. If the signature has a lock sign, this signature needs deep inspection for recognized. 

 

For example image.png

 

If you use proxy-based inspection mode. Fortigate automatically does SSL offload even if you don't add a deep inspection profile on your firewall policy.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
401
0 Kudos
hbac
Staff
Staff
In response to Geert_m

Created on ‎04-04-2024 06:16 AM

Hi @Geert_m,

 

It only happens with facebook.com or all the websites?

 

Regards, 

399
0 Kudos
hbac
Staff
Staff

Created on ‎04-03-2024 08:42 AM

Hi @Geert_m,

 

If you are planning to use deep inspection, you will need to install a trusted certificate to avoid certificate warning. Alternatively, you can import the FortiGate build-in certificate to the browser. Please refer to https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-enable-deep-inspection-and-import-a...

 

Regards, 

513
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.