SSL Inspection is being ignored
Just ran into this issue and wanted to let you know:
If the security profiles are disabled on a policy (which is the Fortinet default if all filters are empty), you are still forced to enter an SSL inspection profile. However, if the profiles are disabled and there is only the SSL inspection profile in the policy, then FortiOS ignores it even though you are forced to enter one! In this constellation a deep inspection or certificate inspection profile will be ignored and no inspection is done at all!
If you enable the security profiles in the policy and add at least one more filter profile besides the SSL inspection one, then SSL inspection will work as set in that profile.
This was reproducible on several models (FGT100F, FGT100E and FGT300E) here with the latest MA release of FOS 7.2.
This can create security issues when one has set only SSL inspection on a policy!
Also, Fortinet, why are you forcing me to add an SSL inspection profile and then ignoring it?!
I also opened a TAC Ticket on this...
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Hello,
Reported behavior is documented. Please find the details by following the link below:
"Important Note:
Deep inspection only works if there is at least one Security Profile enabled. Without a Security Profile enabled, deep inspection is not triggered."
That is one line at the very bottom of that document...
Still weird to me that you cannot have DPI on its own on a policy...
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
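A way to audit for the condition reported in this thread and in the quoted documentation note, as an added example that is not from any poster or from Fortinet: it parses `config firewall policy` text and lists policies that set an SSL inspection profile while no security profile is in effect. The `PROFILE_KEYS` list, the treatment of `no-inspection` as "not inspecting", and the sample configuration are assumptions made for this example.

```python
import re

# Policy keys counted here as security profiles (assumed list; adjust to your FortiOS version).
PROFILE_KEYS = {"av-profile", "webfilter-profile", "dnsfilter-profile", "emailfilter-profile",
                "ips-sensor", "application-list", "dlp-sensor", "file-filter-profile",
                "waf-profile", "voip-profile", "videofilter-profile"}

# Constructed sample of firewall policy configuration, not taken from a real device.
SAMPLE = '''config firewall policy
    edit 1
        set name "lan-to-wan"
        set ssl-ssh-profile "deep-inspection"
    next
    edit 2
        set name "guest-to-wan"
        set utm-status enable
        set ssl-ssh-profile "deep-inspection"
        set webfilter-profile "default"
    next
    edit 3
        set name "dmz-to-wan"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
    next
end
'''

def parse_policies(text):
    """Turn each edit/next block into a dict of its `set` keys."""
    policies, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"edit (\d+)$", line):
            current = {"id": int(m.group(1))}
        elif line == "next" and current is not None:
            policies.append(current)
            current = None
        elif current is not None and (m := re.match(r"set (\S+) (.+)$", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return policies

def ssl_only_policies(text):
    """Policies with an SSL inspection profile but no security profile in effect."""
    flagged = []
    for p in parse_policies(text):
        inspected = p.get("ssl-ssh-profile", "no-inspection") != "no-inspection"
        has_profile = p.get("utm-status") == "enable" and any(k in p for k in PROFILE_KEYS)
        if inspected and not has_profile:
            flagged.append((p["id"], p.get("name", ""), p["ssl-ssh-profile"]))
    return flagged
```

Run `ssl_only_policies()` over a saved configuration backup; every tuple returned is a policy where the configured inspection profile would not be applied according to the behavior described above.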
