Hello community,
I'm looking for a list with SSL Decryption exclusions which are not in the default Deep Inspection Profile.
Things like skype, citrix and apple, which are already excluded.
I'm facing issues with (for example) gotomeeting and other apps. Maybe someone can share a resource with this kind of information (ip and/or fqdn).
Sure, troubleshooting is possible. But if someone already solved this case, it would help the community. And this is just an example. A list to contribute would be great.
Thank you
/Michael
Hello Michael,
Thank you for using the Community Forum.
I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Regards,
Hello Michael,
I am still looking into whether it is possible to get a list as requested.
Meanwhile, I am sharing this document:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/122078/deep-inspection
Could you please tell me if it is helping?
Regards,
Hi Michael,
I would suggest you use the "Internet Service Database" objects for this. These are dynamic objects maintained by Fortinet including IPs / Ports for specific services (contract required). So you would create two firewall policies - one for the default web traffic with deep inspection enabled and a second one above with Internet Service Object as destination and deep inspection disabled. Worked perfectly for me in the past.
- Lummi
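
The two-policy layout described in the reply above, sketched as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread. The policy IDs, policy names, interface names and the Internet Service entry are placeholders, and the `internet-service-name` key is an assumption about the FortiOS release in use (some releases use `internet-service-id` with a numeric ID instead).

```fortios
# Added example. Everything in <angle brackets>, the policy IDs and the
# policy names are placeholders chosen for illustration.
config firewall policy
    # Exemption policy: destination is an Internet Service Database entry,
    # so no dstaddr/service is set. Traffic is not decrypted; certificate
    # inspection is used here as one way to switch deep inspection off.
    edit 10
        set name "isdb-no-deep-inspection"
        set srcintf "<lan-interface>"
        set dstintf "<wan-interface>"
        set srcaddr "all"
        set internet-service enable
        set internet-service-name "<ISDB-entry-for-the-application>"
        set action accept
        set schedule "always"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        # Log the exempted sessions so the undecrypted traffic stays visible.
        set logtraffic all
        set nat enable
    next
    # Default web policy: everything else is decrypted and inspected.
    edit 20
        set name "web-deep-inspection"
        set srcintf "<lan-interface>"
        set dstintf "<wan-interface>"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set utm-status enable
        set ssl-ssh-profile "deep-inspection"
        set logtraffic all
        set nat enable
    next
end

# Policies are matched top-down, so the exemption must sit above the
# deep-inspection policy or it will never be hit.
config firewall policy
    move 10 before 20
end
```

Narrowing `srcaddr` on the exemption policy to the clients that actually run the application keeps the amount of uninspected traffic as small as possible.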
Hey Lummi,
Very good idea. Thank you. This will help in this particular case.
But what about all repository servers from ubuntu/suse/debian and so on? This is just another example.
Not all distros are covered with isdb.
It would be awesome if someone already figured out which ip/fqdns are required to get this running.
Regards
Michael
Copyright 2024 Fortinet, Inc. All Rights Reserved.