Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Fortigate IPS


If I have a 2 vlan on my FG one for users_lan

And one for servers_lan


I want to apply ips to a policy:

where src is users_lan and dst is server_lan (with deep inspection).


should i install the default FG cert (for example if i choose to use the FG cert) on the users_lan computers only or I also have to install the cert on the server?


Thank you very much.


Hi @AmirZ12 ,

If you want to inspect the traffic of source system , then install the certificate on source system , I hope as per your comment, source system belongs to users_lan, then you should install certificate on respective source system. 

And if you want to inspect all traffic, then you can use deep inspection certificate.

Refer below article for general reference:

Mayur Padma

  • Thank you very much for your answer.


And yes my source is the users vlan and i want to make that the ips will check the traffic coming from the users lan vlan to the servers.


Also please make sure the certificate you use for deep packet inspection should be trusted by client or issue by CA which is trusted by clients and servers. Otherwise you might face issues for SSL because of untrusted cert. 

ROSA Technocrat - Also on youtube

Please Subscribe
Honored Contributor

keep in mind: if that is ssl encrypted traffic you have to also apply ssl deep inspection to have the ips work!


"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams