Is anyone out there successfully running full SSL inspection and also has FIPS-CC enabled? I should mention also that the policy needs to be in Proxy mode NOT flow.
I recently ran into an issue where once I put the policy into proxy mode all new sessions start failing.
After working with support we found that the WAD proxy module is referencing this private key "Fortinet_SSL_RSA1024.key". FIPS mode does not allow keys below 2048 so obviously this key is not there and it's failing.
SSL inspection still works in flow mode but I know it's recommended when using DPI to use proxy based inspection.
Just curious if anyone else has run into this. Seems like SSL inspection is something that if you are in FIPS mode you would most likely be using.
Thanks
Hi Vdaam,
If you do a list of the local certificates >> "show vpn certificate local | grep edit", do you see the Fortinet_SSL_RSA1024 certificate listed there?