Hello Stefan,

We are still looking for someone to help you.

We will come back to you ASAP.

Regards,

Hello Stefen,

I have found this documentation:

https://docs.fortinet.com/document/fortiadc/7.2.0/handbook/717770/configuring-client-ssl-profiles

Could you please tell me if it is helping?

Regards,

Dear Anthony,

thanks for sharing this documentation link, but I think using a clientSSL -profile always requires the server-certificate. And that's exactly what I'd like to avoid.

I just want the FortiADC to "read" the SNI field from the ssl_clienthello packet. I think this is, similar to F5, only possible via additional scripting, which FortiADC also supports. But as of now I see only the CLIENT_HANDSHAKE event, which only triggers when terminating SSL. Or in other words, can I use the required SSL:sni() command (to "read" the required value) in any other event WITHOUT terminating SSL?

If not, could this be an idea for upcoming features? Is there an option to request this?

Thank you!

Regards Stefan :)

Dear Stefan :)!,

Thanks a lot for your answer.

Oh ok, I will then find an expert who will reply to you!

Regards,

Hello Stefan,

I have found an expert and he will answer soon :)!

Regards

Hi Stefan,

And hiere the answer:

"we reviewed the current document, but were unable to find information on the specific requirement by the user (similar to F5 SSL-persistence profile). we may need to ask the userto raise a TAC ticket, to futher check with our Devs."

Could you please Stefan, oen a ticket with our TAC?

Thanks a lot in advance.

Regards,

Dear Anthony,

may I ask you how to raise a TAC-ticket? Can I do this online or do I have to call somewhere?
Thank you!

Regards Stefan :)

Dear Stefan,

Sure :)!

Please login to this URL:

https://support.fortinet.com/welcome/#/

And follow the path :)!

Regards,