Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Potato
New Contributor III

Does Fortigate VM Permanent trial mode Support SSL Deep Inspection?

Hi all,

 

I am trying to create a Lab for the Fortigate VM trial.

I will use that Fortigate as Explicit Proxy with SSL inspection

 

However, we find that the Man-in-middle is not performed by that VM even after the policy setup is done.

 

Every Website is still using its own CA but not the Fortigate self-sign one.

 

Might I know if Fortigate VM Permanent trial mode supports SSL Deep Inspection?

4 REPLIES 4
Anthony_E
Community Manager
Community Manager

Hello Potato,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager
Community Manager

Hello potato,

 

I have found this document:

 

https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/441460/permanent-trial-mode-...

 

Could you please tell me if it provides the information requested?

 

Regards,

Anthony-Fortinet Community Team.
Yurisk
Valued Contributor

Nope, it does not. In the document @Anthony_E  referenced, there is a line "

  • Support for low encryption operation only, except for GUI management access and FortiManager communications"

low encryption relates to ANYTHING encryption related, both IPsec and all things SSL, so SSL VPN as well as SSL Deep inspection will not work with the protocols used today. On the other hand, if you can find browser that supports SSL with DES encryption (Windows 2000/2003/XP no service pack?), who knows, may be then it will work.

 

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
Anthony_E
Community Manager
Community Manager

Thank you Yurisk!

Anthony-Fortinet Community Team.
Labels
Top Kudoed Authors