vdaam
New Contributor

SSL Inspection and FIPS mode 7.2.X

Is anyone out there successfully running full SSL inspection and also has FIPS-CC enabled? I should mention also that the policy needs to be in Proxy mode NOT flow.

I recently ran into an issue where once I put the policy into proxy mode all new sessions start failing.

After working with support we found that the WAD proxy module is referencing this private key "Fortinet_SSL_RSA1024.key". FIPS mode does not allow keys below 2048 so obviously this key is not there and it's failing.

SSL inspection still works in flow mode but I know it's recommended when using DPI to use proxy based inspection.

Just curious if anyone else has run into this. Seems like SSL inspection is something that if you are in FIPS mode you would most likely be using.

Thanks

Jackie_T
Staff

Hi Vdaam,

If you do a list of the local certificates >> "show vpn certificate local | grep edit" , do you see the Fortinet_SSL_RSA1024 certificate listed there?

Jackie Tai