Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Paddy
New Contributor

Created on ‎09-22-2021 01:58 PM

SSL Deep Inspection Discussion

I know that I can check the certificate when I am browsing and see it's secured by the Fortinet certificate.   I am mostly interested in seeing, for my own eyes, that its working for my Outlook POP3, IMAP SSL connections as well.   I have combed through the logs and do not see anything within the log that it says SSL deep packet inspection is turned on.    This can be that hard to show that it's working and make it part of the selling point of the UTM bundle. 

 

Thoughts?

2021-09-22_13-54-43.jpg
Preview file
31 KB
2873
0 Kudos
2 REPLIES 2
TecnetRuss
Contributor

Created on ‎09-22-2021 02:49 PM

This doesn't directly answer your specific question, but the way I demonstrate the value of DPI is to set up an Internet access policy with AV enabled and show that with DPI enabled the FortiGate blocks any attempt to download the EICAR antivirus test file over HTTPS.  When you flip the policy to normal certificate inspection the EICAR file isn't blocked over HTTPS.  This is also a good sanity check to make sure that DPI is properly protecting clients.

 

Russ

NSE7

2032
0 Kudos
Paddy
New Contributor
In response to TecnetRuss

Created on ‎09-22-2021 06:42 PM

Thanks!  Good idea!

2032
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.