Hello,
I am planning to configure security profiles in some of the firewall policies that are on my FortiGate. My question about this is, if I need a valid/signed certificate installed on Fortigate and my hosts to inspect all traffic passing the FortiGate in order to inspect all data from packets and block certain traffic because it contains malware etc?
How does this work, can someone explain me?
Kind regards,
Geert
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello @Geert_m ,
For example, if you want to use a web filter, you need to use ssl-deep inspection. if the website uses https FortiGate can't see the URL and URI because of that Fortigate can't block these websites.
Or if you want to use app control on FortiGate some signature needs to ssl-deep inspection. You can see these signatures in the application signatures menu. If the signature has a lock sign, this signature needs deep inspection for recognized.
For example
If you use proxy-based inspection mode. Fortigate automatically does SSL offload even if you don't add a deep inspection profile on your firewall policy.
Hi @Geert_m,
If you are planning to use deep inspection, you will need to install a trusted certificate to avoid certificate warning. Alternatively, you can import the FortiGate build-in certificate to the browser. Please refer to https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-enable-deep-inspection-and-import-a...
Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1711 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.