Hi.
I have a wildcard certificate, with a deadline of one year.
I also have several servers. I thought that I would use my own certificates inside the network.
For external guests - Forti will replace this certificate with a wildcard certificate for each server. How do I do it?
For now I created a new SSL/SSH Inspection Profile with:
Enable SSL inspection of - Protecting SSL Server
Server certificate - commercial wildcard
Inspect all ports - disabled
HTTPS: enabled
It works - from WAN I see the wildcard certificate, from LAN I see my own certificate. But with WAN the website loads very slowly or not at all. I wonder what's wrong.
I set what you can see in the screenshot: https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/055107/protecting-an-ssl-ser...
SOLVED - I changed Inspection Mode from "Flow-based" to "Proxy-based" for the policy.
I didn't have to change it for every policy. This server is on proxy, the others work great on flow.
Can you confirm that I have configured this correctly? Just because something works doesn't always mean it's set up well ;) When I read this information, it seems to me that the flow should be the right one: https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/659145/flow-mode-inspection-default-mod...