Hi. We are migrating from Citrix NetScaler to FortiADC. On the NetScaler we had client authentication SSL profiles depending on which URL the client accessed, and were able to switch between them depending on what they accessed.
How do we change client SSL profiles dynamically using FortiADC scripting?
Is there a list of internally referenced functions that can be used in the scripts, i.e. LB::, SSL::, VS::...?
On F5 you can do something like this:
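when HTTP_REQUEST {
    # Only the URIs that need client certificate authentication
    if {[HTTP::uri] starts_with "/uri1" || [HTTP::uri] starts_with "/uri2"} {
        # Clients listed in NOCERT_IP_LIST are exempt from presenting a certificate
        if {not [matchclass [IP::remote_addr] equals NOCERT_IP_LIST]} {
            SSL::session invalidate
            SSL::authenticate always
            SSL::authenticate depth 9
            SSL::cert mode require
            # Switch to the client SSL profile that requires a certificate, then renegotiate
            set cmd "SSL::profile /Common/require_clientssl"
            eval $cmd
            SSL::renegotiate
            event disable all
        }
    }
}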
Created on 07-15-2022 03:11 PM