When I review the SSL Inspection settings, TLS is not one of the protocols shown as being scanned. Since TLS is essentially SSL v4.x, I would think that Fortigate SSL scanning would support decrypting such streams. But we are seeing a situation where the TLS encoded traffic from our hosted spam filtering provider is not being decrypted as it passes the Fortigate to our Exchange Hub Transport. This has allowed a few malicious files to pass. Is there any solution to this? We are running 5.2.3 on a 500D. We are using deep inspection with all protocols enabled.
dfollis wrote: When I review the SSL Inspection settings, TLS is not one of the protocols shown as being scanned. Since TLS is essentially SSL v4.x, I would think that Fortigate SSL scanning would support decrypting such streams. But we are seeing a situation where the TLS encoded traffic from our hosted spam filtering provider is not being decrypted as it passes the Fortigate to our Exchange Hub Transport. This has allowed a few malicious files to pass. Is there any solution to this? We are running 5.2.3 on a 500D. We are using deep inspection with all protocols enabled.
SSL is just a general term which covers TLS as well, just like the library OpenSSL, which does support TLS. FortiGate's SSL deep inspection does cover TLS.
Copyright 2024 Fortinet, Inc. All Rights Reserved.