Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sklotz
New Contributor II

FortiADC use SNI value without ClientSSL profile

Is it possible to use the SNI value (for a whitelisting) in scripting without terminating SSL on the FortiADC?

It seems there is only the CLIENT_HANDSHAKE event, but this requires a clientssl-profile. With F5 iRules there is an additional event CLIENTSSL_CLIENTHELLO, which works without a clientssl-profile. Here only a SSL-persistence profile is required.

Is this somehow also possible with FortiADC?

Thank you!

 

Regards Stefan :)

10 REPLIES 10
sklotz
New Contributor II

Just for your information, official Fortinet-Support finally confirmed, that this special use-case is currently NOT possible/supported. SNI host-header can't be processed without SSL termination.

Thank you!

 

Regards Stefan :)

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors