Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sklotz
New Contributor II

Created on ‎03-10-2023 02:31 AM

FortiADC use SNI value without ClientSSL profile

Is it possible to use the SNI value (for a whitelisting) in scripting without terminating SSL on the FortiADC?

It seems there is only the CLIENT_HANDSHAKE event, but this requires a clientssl-profile. With F5 iRules there is an additional event CLIENTSSL_CLIENTHELLO, which works without a clientssl-profile. Here only a SSL-persistence profile is required.

Is this somehow also possible with FortiADC?

Thank you!

 

Regards Stefan :)

Labels:
2480
0 Kudos
10 REPLIES 10
sklotz
New Contributor II

Created on ‎04-11-2023 04:51 AM

Just for your information, official Fortinet-Support finally confirmed, that this special use-case is currently NOT possible/supported. SNI host-header can't be processed without SSL termination.

Thank you!

 

Regards Stefan :)

298
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.