Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Deep SSL Inspection for Wi-Fi

We allow our Meraki access points out to the internet via our Fortigate internet firewall. We publish both an SSID for corporate laptops and a guest SSID for the public. We use SSL inspection on the firewall policy that allows the wireless network out to the internet so that we can scan HTTPS traffic for malware etc. The corporate laptops have the relevant certificate for the SSL Inspection profile installed so this works fine but guest devices such as mobile phones obviously don’t have the certificate so just get certificate errors when accessing the internet.

This is maybe a daft question but can anyone think of a way of differentiating between our guest and corporate wi-fi at a firewall level so we can treat the two differently from an SSL inspection perspective when both SSIDs are published by the same wireless network? Any advice welcome.


Hi @wilhome 


How do you differentiate the corporate users and the guest users? If you separated the subnet used by the corporate user and the guest user, it would be possible for you to create 2 policies with the respective source IP. In that case, you can configure the guest users with certificate inspection profile.


Kayzie Cheng

If you have found a solution, please like and accept it to make it easily accessible for others.

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors