- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNDR
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: Fortiweb deep inspection
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortiweb deep inspection
Dears,
I have question about deep inspection feature in fortiweb, I'm not sure if it's the right term in fortiweb but I mean decrypt incoming secure traffic, inspect it and encrypt again to send it for mail server as our case.
my question is:
Is the deep inspection is the default behavior in Fortiweb when we are using HTTPS protocol? I mean just uploading the server certificate and applying it in server policy with using web protection profile is enough? or there is additional setup?
-We need fortiweb to inspect scure OWA traffic before [HTTPS traffic].
Solved! Go to Solution.
Labels:
- Labels:
-
FortiWeb
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Nemat
Speaking in Fortiweb words, there're two approaches to this: ssl offloading and ssl inspection.
Both enable the waf to inspect HTTPs traffic for viruses, etc.
Main difference is the place where you ends the ssl tunnel.
In ssl offloading, webserver certificate and key you must upload to fortiweb enable the traffic decryption and further analysis. The usual config is terminate SSL session in the Fortiweb and forward plain HTTP to protected backend webservers (reducing processing load in webs servers)
In SSL inspection, fortiweb it's not the ssl tunnel terminator, certificate and keys are both in the web servers and fortiweb,; traffic flows continuosly from client to servers, if this is not an attack, fortiweb allows it. However, Fortiweb decrypts a copy of the traffic in order to scan for viruses, malware or threats; it forwards the original, encrypted packets to webserver.
If you already configured your Server Policy, enabled HTTPS service, uploaded certificates, you have ssl offloading working; clicking in advanced ssl settings, you also could fine tune SSL aspects.
If you want configure ssl inspection in fortiweb terms, go to your defined server pools, and enable SSL to trigger inspection.
More and (better explained I guess) in:
regards
__ Abel
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Nemat
Speaking in Fortiweb words, there're two approaches to this: ssl offloading and ssl inspection.
Both enable the waf to inspect HTTPs traffic for viruses, etc.
Main difference is the place where you ends the ssl tunnel.
In ssl offloading, webserver certificate and key you must upload to fortiweb enable the traffic decryption and further analysis. The usual config is terminate SSL session in the Fortiweb and forward plain HTTP to protected backend webservers (reducing processing load in webs servers)
In SSL inspection, fortiweb it's not the ssl tunnel terminator, certificate and keys are both in the web servers and fortiweb,; traffic flows continuosly from client to servers, if this is not an attack, fortiweb allows it. However, Fortiweb decrypts a copy of the traffic in order to scan for viruses, malware or threats; it forwards the original, encrypted packets to webserver.
If you already configured your Server Policy, enabled HTTPS service, uploaded certificates, you have ssl offloading working; clicking in advanced ssl settings, you also could fine tune SSL aspects.
If you want configure ssl inspection in fortiweb terms, go to your defined server pools, and enable SSL to trigger inspection.
More and (better explained I guess) in:
regards
__ Abel
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Greetings,
We are on v7.2.4 but the following issue is since 6.4.X
We need to use some signatures in our application control security profiles. Those signatures will not be available unless you have deep packet inspection enabled on this firewall policy (Example: OneDrive_File.Upload, YouTube_HD.Streaming, YouTube.Downloader.YTD ... etc.)
When we enable deep packet inspection, OneDrive as an example with Office365 wouldn't work because you are replacing the certificate with Forti's for the deep packet inspection to work. At the end, you will have to exempt Office365 destinations from the deep packet inspection which will lead to you are not able to use those signatures that require Deep packet inspection!
Has anyone come across this issue before? and how did you resolve it?
Related Posts
- SSL inspection/offloading in different deployment modes 212 Views
- Problem using Application Control in FortiProxy... 209 Views
- debug SSL inspection for flow based... 203 Views
- Inspection SSL Untrusted CA 228 Views
- Windows server 2019 HTTP, HTTPS... 178 Views
Labels
-
FortiGate
4,457 -
FortiClient
912 -
5.2
801 -
5.4
639 -
FortiManager
435 -
6.0
416 -
5.6
362 -
FortiAnalyzer
298 -
6.2
251 -
FortiAP
210 -
FortiSwitch
208 -
5.0
196 -
Fortimail
185 -
FortiAuthenticator
182 -
FortiClient EMS
167 -
6.4
128 -
FortiWeb
101 -
FortiGuard
71 -
FortiGateCloud
69 -
4.0MR3
64 -
FortiCloud Products
60 -
FortiSIEM
57 -
FortiNAC
55 -
Customer Service
48 -
FortiToken
45 -
Wireless Controller
36 -
FortiADC
32 -
FortiProxy
30 -
FortiGate v5.4
27 -
Fortivoice
26 -
FortiDNS
24 -
FortiConnect
24 -
FortiSwitch v6.4
23 -
FortiSandbox
21 -
FortiExtender
21 -
FortiEDR
20 -
FortiWAN
15 -
FortiConverter
14 -
FortiSwitch v6.2
12 -
FortiMonitor
11 -
FortiPortal
10 -
FortiCASB
10 -
FortiGate v5.2
9 -
4.0MR2
9 -
FortiGate v5.0
7 -
FortiAnalyzer v5.0
7 -
FortiManager v5.0
7 -
FortiDDoS
7 -
4.0
7 -
FortiSOAR
6 -
FortiRecorder
6 -
RMA Information and Announcements
5 -
FortiBridge
4 -
FortiCarrier
4 -
3.6
4 -
FortiWeb v5.0
3 -
FortiDirector
3 -
FortiCache
3 -
FortiDB
3 -
FortiManager v4.0
3 -
FortiDeceptor
2 -
FortiInsight
2 -
FortiScan
2 -
FortiGate v4.0 MR3
2 -
4.0MR1
1 -
FortiAI
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
FortiHypervisor
1 -
FortiNDR
1 -
FortiTester
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2023 Fortinet, Inc. All Rights Reserved.