Hi,
I was reading the FortiGate antivirus topic from Fortinet website. Also I tested them in my test environment by downloading the file from ecior.org. What I found, until or unless you don't use SSL/SSH decryption profile, this antivirus profile is helpless which means that unless or until we don't do the SSL decryption the encrypted files cant be scanned. Is this correct assumption ? Moreover, can any one please help me to point in right direction that where can I find more information about CPRL ?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
Yes, your understanding is correct. In order for the FortiGate antivirus profile to scan encrypted files, SSL/SSH decryption must be enabled to decrypt the traffic for inspection. Without decryption, the antivirus profile cannot scan encrypted files for viruses and malware.
You can access the FortiOS documents to understand the requirement and test cases:
https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/122078/deep-inspection
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1593 | |
1045 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.