Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
antonio_image
New Contributor

Use fortigate packet inspection to decrypt and send decripted data to Fireeye

Hi all.

 

it's possible to reach how described in subject?

 

i've to use Fortigate to decrypt https data and send decrypted data to FireEye to analyze and than re-encrypt.

 

"client" <--> lan <--> fortinet <--> decrypted data <--> fireeye <--> encrypted data <--> internet.

 

 

how can i reach this?

 

thanks

1 REPLY 1
romanr
Valued Contributor

Hi,

 

you can use the new feature of 5.4 to send the unencrypted stream to a configured interface.

 

Fireeye will see the unencrypted traffic then - but will not interact with the traffic itself!!

 

Mirroring of traffic decrypted by SSL inspection (275458) This feature sends a copy of traffic decrypted by SSL inspection to one or more FortiGate interfaces so that it can be collected by raw packet capture tool for archiving and analysis. This feature is available if the inspection mode is set to flow-based. Use the following command to enable this feature in a policy. The following command sends all traffic decrypted by the policy to the FortiGate port1 and port2 interfaces. conf firewall policy edit 1 set ssl-mirror enable/disable set ssl-mirror-intf port1 port2 next

Labels
Top Kudoed Authors