Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
szuko
New Contributor III

Created on ‎01-11-2022 11:32 PM

SSL-Offloading

HI , I recently got into firewalls,  I have Fortigate 200F, I want to do SSL-offloading with  it if possible ?

my question is , is it possible to do it with Fortigate and if yes , then what makes it different from Fortiweb ? when i can offload traffic on my Fortigate and inspect it ? 

Labels:
5430
0 Kudos
1 Solution
AlexC-FTNT
Staff
Staff
In response to szuko

Created on ‎01-12-2022 04:14 AM

There is a little difference regarding offloading. When you do that in FortiGate on a regular traffic policy, the traffic is decrypted in order to be scanned, and re-encrypted on the way to the local server. SSL offloading means that the last part of the communication (LAN segment) is not encrypted (so the servers don't require extra resources to decrypt the traffic). This is maybe better described here:
https://docs.fortinet.com/document/fortiweb/6.3.0/administration-guide/341240/offloading-vs-inspecti...

 


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -

View solution in original post

5416
3 REPLIES 3
AlexC-FTNT
Staff
Staff

Created on ‎01-12-2022 01:42 AM

FortiWeb is doing application level inspection (a more focused aim than FortiGate). SSL offloading means removing the encryption from the traffic. You can do that with FortiGate through a VIP - Server Load balancing. Some info here:

http://docs.fortinet.com/document/fortigate/6.2.0/cookbook/713497/virtual-server


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
5392
szuko
New Contributor III

Created on ‎01-12-2022 04:03 AM

thanks for reply , if you put the SSL inspection on deep packet inspection isnt it same thing ? meaning doing Application level inspection ?

5386
0 Kudos
AlexC-FTNT
Staff
Staff
In response to szuko

Created on ‎01-12-2022 04:14 AM

There is a little difference regarding offloading. When you do that in FortiGate on a regular traffic policy, the traffic is decrypted in order to be scanned, and re-encrypted on the way to the local server. SSL offloading means that the last part of the communication (LAN segment) is not encrypted (so the servers don't require extra resources to decrypt the traffic). This is maybe better described here:
https://docs.fortinet.com/document/fortiweb/6.3.0/administration-guide/341240/offloading-vs-inspecti...

 


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
5417
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.