seadave
Contributor III

SSL Inspection and TLS

When I review the SSL Inspection settings, TLS is not one of the protocols shown as being scanned.  Since TLS is essentially SSL v4.x, I would think that Fortigate SSL scanning would support decrypting such streams.  But we are seeing a situation where the TLS encoded traffic from our hosted spam filtering provider is not being decrypted as it passes the Fortigate to our Exchange Hub Transport.  This has allowed a few malicious files to pass.  Is there any solution to this?  We are running 5.2.3 on a 500D.  We are using deep inspection with all protocols enabled.

vanc
New Contributor II

dfollis wrote:

When I review the SSL Inspection settings, TLS is not one of the protocols shown as being scanned.  Since TLS is essentially SSL v4.x, I would think that Fortigate SSL scanning would support decrypting such streams.  But we are seeing a situation where the TLS encoded traffic from our hosted spam filtering provider is not being decrypted as it passes the Fortigate to our Exchange Hub Transport.  This has allowed a few malicious files to pass.  Is there any solution to this?  We are running 5.2.3 on a 500D.  We are using deep inspection with all protocols enabled.

SSL is just a general term which covers TLS as well, just like the library OpenSSL, which does support TLS. FortiGate's SSL deep inspection does cover TLS.
