Hi,
If I have 2 VLANs on my FG, one for users_lan
and one for servers_lan.
I want to apply IPS to a policy
where src is users_lan and dst is servers_lan (with deep inspection).
Should I install the default FG cert (for example, if I choose to use the FG cert) on the users_lan computers only, or do I also have to install the cert on the server?
Thank you very much.
Hi @AmirZ12 ,
If you want to inspect the traffic of the source system, then install the certificate on the source system. As I understand from your comment, the source system belongs to users_lan, so you should install the certificate on the respective source system.
And if you want to inspect all traffic, then you can use the deep inspection certificate.
Refer to the article below for general reference:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Testing-of-IPS-sensor-packet-logging/ta-p/...
Created on 05-02-2023 07:52 AM Edited on 05-02-2023 08:18 AM
And yes, my source is the users VLAN, and I want to make sure that the IPS will check the traffic coming from the users LAN VLAN to the servers.
Also, please make sure the certificate you use for deep packet inspection is trusted by the client, or issued by a CA which is trusted by the clients and servers. Otherwise you might face SSL issues because of the untrusted cert.
Keep in mind: if that is SSL-encrypted traffic, you also have to apply SSL deep inspection to have the IPS work!
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams