You can use an external web page using http only, the page will not be blocked by DPI.
I don't know if there is a way to use a portal or redirect the users automatically, most probably you have to instruct the end user to manually open that site. If you are using Captive portal you can configure that URL to redirect the user after login.
- Emirjon If you have found a solution, please like and accept it to make it easily accessible for others.
Thanks for your email. I have managed to deploy the solution with a minimal user interference and that was my intention.
I have made a redirection page which contains all the download URLs, including the instruction for each platform. When users connected, will be redirected to a landing page.
The only challenge I have faced is Apple/iOS/iPAD devices. However, luckily we have a JAMF solution which manages our Apple devices. Using the Enrolment procedure to push a package that includes the CA certificate, is able to get the certificate profile installed, then Enable the certificate in the Apps/VPN section.
The security measures in place of using DPI, but off-course you have to keep in mind the devices which need to be
connected without inspections, APs, Phones, SBCs, etc etc...
An access policy is in place for those devices and a restricted policy with DPI below as last policy for all http/https.
Is there anything that I need to include / a recommendation of achieving this task in a better way?
Implementing a redirection or landing page to host the certificate and provide instructions can be a helpful approach. Here's a general outline of how you can implement this solution for your SSL rollout in an educational campus:
Create a landing page: Design a webpage that hosts the certificate file and provides clear instructions on how to download and install it. You can include step-by-step guides, visuals, and any relevant information to assist users in obtaining and installing the certificate.
Configure firewall rules: Set up firewall rules to redirect users to the landing page whenever they attempt to access the internet without the required certificate. This can be done by intercepting and redirecting HTTP/HTTPS traffic to the landing page.
SSL certificate hosting: Host the SSL certificate file on a web server or a specific location accessible to users. Ensure that the certificate is easily downloadable from the landing page.
Moreover, I could recommend you this source https://edubirdie.com/lab-report-writing-service I personally use it, because it helps me with lab report writing, besides this they have various writings that could help you with your studies, I refer that another time when you have some doubts you could try to use it, it is very convenient.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.