We allow our Meraki access points out to the internet via our Fortigate internet firewall. We publish both an SSID for corporate laptops and a guest SSID for the public. We use SSL inspection on the firewall policy that allows the wireless network out to the internet so that we can scan HTTPS traffic for malware etc. The corporate laptops have the relevant certificate for the SSL Inspection profile installed so this works fine but guest devices such as mobile phones obviously don’t have the certificate so just get certificate errors when accessing the internet.
This is maybe a daft question but can anyone think of a way of differentiating between our guest and corporate wi-fi at a firewall level so we can treat the two differently from an SSL inspection perspective when both SSIDs are published by the same wireless network? Any advice welcome.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @wilhome
How do you differentiate the corporate users and the guest users? If you separated the subnet used by the corporate user and the guest user, it would be possible for you to create 2 policies with the respective source IP. In that case, you can configure the guest users with certificate inspection profile.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1705 | |
1093 | |
752 | |
446 | |
230 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.