Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sub7even
New Contributor

Deep SSL Inspection over RDP

Hi All,

 

Will the setup able to inspect the file from client PC to the RDP host? My config will be source "client" destination "jumphost" all UTM turned ON with deep inspection. So my concern if the client has a encrypted malware to be copy into the host, will FGT able inspect and drop the connection/ packet? OR my setup is wrong?

 

Thanks!

2 REPLIES 2
darwin1_FTNT
New Contributor

As far as I know RDP/VNC protocols aren't supported yet in utm file inspection (it can be identified as rdp or vnc traffic in application control utm). Data could be encrypted with password or certificate. Can ask TAC support for more details and TAC may file an NFR mantis bug. Dev will investigate if feasible to support (protocol could be very complex), then give time estimation to finish the feature. It is recommended to request new protocols support (as customer feedback) thru TAC support to keep the utm security features upto date . Thanks.

pavankr5
Staff
Staff

Hello @sub7even ,

Your setup with FortiGate and UTM features can help inspect and block malicious files, including encrypted ones.
https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/122078/deep-inspection
The FortiGate UTM features should be able to inspect and analyze files, including encrypted ones, if they are decrypted or temporarily decrypted during the transfer. Encrypted traffic, like HTTPS or SSL-encrypted RDP, can be challenging to inspect. The FortiGate device can use SSL inspection techniques to decrypt SSL-encrypted traffic, inspect it, and then re-encrypt it for delivery.
FortiGate devices typically use signature-based detection to identify known threats
https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/213498/signature-based-defense

let us know if you have any queries






Thanks,

Pavan

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors