We allow our Meraki access points out to the internet via our Fortigate internet firewall. We publish both an SSID for corporate laptops and a guest SSID for the public. We use SSL inspection on the firewall policy that allows the wireless network out to the internet so that we can scan HTTPS traffic for malware etc. The corporate laptops have the relevant certificate for the SSL Inspection profile installed so this works fine but guest devices such as mobile phones obviously don’t have the certificate so just get certificate errors when accessing the internet.
This is maybe a daft question but can anyone think of a way of differentiating between our guest and corporate wi-fi at a firewall level so we can treat the two differently from an SSL inspection perspective when both SSIDs are published by the same wireless network? Any advice welcome.
How do you differentiate the corporate users and the guest users? If you separated the subnet used by the corporate user and the guest user, it would be possible for you to create 2 policies with the respective source IP. In that case, you can configure the guest users with certificate inspection profile.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.