Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
terasto
New Contributor II

Deep SSL Inspection + WAF for Internal Server via DNAT - Not Working

[Attachments: ssl profile.jpg, dnat.jpg, ACL.jpg, virtual_srv.jpg]

Hi all,

Need help with FortiGate 7.4 SSL inspection setup:

Setup:

Internal API: 10.10.10.99:8000 (HTTPS)
External access: 3.3.3.33:8000 → DNAT to internal
Corporate CA certificates imported to FortiGate
SSL/SSH profile: "Protecting SSL Server" mode
WAF profile: Monitor mode
Policy: Proxy inspection mode with SSL + WAF profiles

Issue: Traffic passes through but SSL inspection doesn't work - no SSL logs, WAF not inspecting content.

Has anyone configured "Protecting SSL Server" for inbound API traffic? What's the correct architecture?

Thanks!

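For reference, the setup described in the post, written out as FortiOS 7.4 CLI. This is an added example, not configuration from the original post or from Fortinet; the object names (vip-api, TCP-8000, api-server-protect, api-waf-monitor, inbound-api), the interface names (wan1, dmz) and the certificate name api-server-cert are assumptions. The IP addresses and ports are the ones given in the post.

```fortios
# Inbound DNAT: 3.3.3.33:8000 -> 10.10.10.99:8000 (addresses from the post).
config firewall vip
    edit "vip-api"
        set extip 3.3.3.33
        set extintf "wan1"            # assumed external interface
        set portforward enable
        set mappedip "10.10.10.99"
        set extport 8000
        set mappedport 8000
    next
end

# Service object matching the API port, used by the policy below.
config firewall service custom
    edit "TCP-8000"
        set tcp-portrange 8000
    next
end

# SSL/SSH profile in "Protecting SSL Server" mode.  The FortiGate terminates
# TLS with the server's own certificate and private key, so "api-server-cert"
# (assumed name) must be a local certificate with its key, not the corporate CA.
# The HTTPS port list must include 8000; the default only covers 443.
config firewall ssl-ssh-profile
    edit "api-server-protect"
        config https
            set ports 8000
            set status deep-inspection
        end
        set server-cert-mode replace
        set server-cert "api-server-cert"
    next
end

# WAF profile with default settings (signatures default to monitor-type actions
# the admin can tune); created here only so the policy can reference it.
config waf profile
    edit "api-waf-monitor"
    next
end

# Policy: destination is the VIP object, proxy-based inspection, SSL + WAF
# profiles attached, logging enabled so SSL/WAF events appear in the logs.
config firewall policy
    edit 0
        set name "inbound-api"
        set srcintf "wan1"            # assumed
        set dstintf "dmz"             # assumed
        set srcaddr "all"
        set dstaddr "vip-api"
        set action accept
        set schedule "always"
        set service "TCP-8000"
        set inspection-mode proxy
        set utm-status enable
        set ssl-ssh-profile "api-server-protect"
        set waf-profile "api-waf-monitor"
        set logtraffic all
    next
end
```

Two things worth checking against the attached screenshots before anything else: whether the HTTPS port list in the SSL/SSH profile actually contains 8000 (a profile cloned from deep-inspection inspects 443 only, and traffic on other ports passes without decryption and therefore without WAF inspection or SSL logs), and whether the certificate selected under server-cert is the API server's own certificate with private key rather than one of the imported CA certificates. "Protecting SSL Server" mode cannot decrypt inbound sessions without the server's key.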
3 REPLIES
AEK
SuperUser

Hi Terasto

I'm not aware that FGT's WAF can protect an API server. I'm actually pretty certain it doesn't.

You need a dedicated WAF that does API protection, like FortiWeb.

AEK
terasto
New Contributor II

Hi AEK!
Okay, let's say I don't need to protect the API service, but I need to use the built-in WAF functionality on the firewall, specifically in the scheme (Protecting SSL Server) that I described earlier. I'm wondering, should I enable IPS? It seems like it has some basic attack scenarios for web services that it can block.

AEK