Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rezafathi
Contributor II

Created on ‎03-14-2024 02:57 AM

Intra vlan security profiles

Hi 

I want to secure vlans to vlans traffic with my 200f fgt. Which security profiles can i enable between vlans?

Reza F.
Reza F.
Labels:
1074
0 Kudos
7 REPLIES 7
ozkanaltas
Valued Contributor III

Created on ‎03-14-2024 03:01 AM

Hello @rezafathi ,

 

In my opinion, IPS and AV are enough for these traffics. You can configure it with the default profile on your policy or you can customize the profile according to your preferences.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
1068
rezafathi
Contributor II
In response to ozkanaltas

Created on ‎03-15-2024 01:19 PM

Thanks. Should i use deep ssl profile or not?

Reza F.
Reza F.
1024
0 Kudos
ozkanaltas
Valued Contributor III
In response to rezafathi

Created on ‎03-15-2024 01:23 PM

Hello @rezafathi ,

 

This is generally not recommended for internal traffic. If you do a deep inspection, many applications may not work and you will need to install a certificate on each client.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
1022
0 Kudos
rezafathi
Contributor II
In response to ozkanaltas

Created on ‎03-15-2024 01:24 PM

If i dont use deep inspection av would not work

Reza F.
Reza F.
1020
0 Kudos
ozkanaltas
Valued Contributor III
In response to rezafathi

Created on ‎03-15-2024 01:29 PM

This is partly true. If the protocol used is not secure, it will detect viruses. However, many protocols are sensitive. If you do deep inspection it won't work. That's why deep inspection is often used for web traffic.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
1016
0 Kudos
rezafathi
Contributor II
In response to ozkanaltas

Created on ‎03-15-2024 01:31 PM

So can i disable ssl inspection?

Reza F.
Reza F.
1014
0 Kudos
ozkanaltas
Valued Contributor III
In response to rezafathi

Created on ‎03-15-2024 01:32 PM

My advice is, yes you can close.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
1012
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.