seadave
Contributor III

SSL Inspection and TLS

When I review the SSL Inspection settings, TLS is not one of the protocols shown as being scanned.  Since TLS is essentially SSL v4.x, I would think that Fortigate SSL scanning would support decrypting such streams.  But we are seeing a situation where the TLS encoded traffic from our hosted spam filtering provider is not being decrypted as it passes the Fortigate to our Exchange Hub Transport.  This has allowed a few malicious files to pass.  Is there any solution to this?  We are running 5.2.3 on a 500D.  We are using deep inspection with all protocols enabled.

vanc
New Contributor II

dfollis wrote:

When I review the SSL Inspection settings, TLS is not one of the protocols shown as being scanned.  Since TLS is essentially SSL v4.x, I would think that Fortigate SSL scanning would support decrypting such streams.  But we are seeing a situation where the TLS encoded traffic from our hosted spam filtering provider is not being decrypted as it passes the Fortigate to our Exchange Hub Transport.  This has allowed a few malicious files to pass.  Is there any solution to this?  We are running 5.2.3 on a 500D.  We are using deep inspection with all protocols enabled.

SSL is just a general term which covers TLS as well, just like the library OpenSSL, which does support TLS. FortiGate's SSL deep inspection does cover TLS.
