Hi FortiGate admins
Even when it works well, we usually feel the need to understand how it works.
A common scenario is when we publish an HTTPS web server through a VS (for load balancing and/or HTTP host-based routing) and a proxy inspection firewall policy with deep inspection (for WAF and IPS inspection), using the same certificate, as described in the article:
The confusion is that we use SSL offloading at VS level and deep inspection at firewall policy level, as if we configured traffic decryption at two levels (but I guess it is done once, right?).
There are some questions like:
Hey AEK,
let's see if I can shed some light :).
Please take this with a grain of salt, I've gotten a bit rusty with SSL inspection and related queries, but as far as I know:
- VS SSL offloading should take precedence over SSL inspection (VIP/VS-related config is handled first, before a packet goes through UTM)
- if I remember correctly, with SSL offloading, the FortiGate essentially handles HTTP traffic once the traffic has hit the virtual server, and it would be that unencrypted traffic that is handed to UTM for inspection
-> deep inspection would not come into play as I understand it
-> deep inspection should also not re-encrypt the traffic, as from a UTM perspective the traffic is not encrypted in the first place
Cheers,
Debbie
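To make the two layers Debbie describes concrete, here is an added illustrative FortiOS CLI configuration (not from the original thread or from Fortinet documentation) of a server-load-balance VIP that terminates TLS with the FortiGate's certificate, plus the proxy-mode policy that references it with a deep-inspection SSL/SSH profile. The object names, addresses, interface names and profile names are assumptions chosen for the example, and exact keywords can differ between FortiOS versions, so verify them against your own version before use.

```fortios
# Added example, not the original post's configuration.
# Names, IPs and interfaces are placeholders (TEST-NET and RFC 1918 ranges).

config firewall vip
    edit "vs-www-example"
        # Layer 1: the virtual server terminates TLS with the FortiGate's own
        # certificate, so everything downstream of the VS is already plaintext.
        set type server-load-balance
        set extintf "port1"
        set extip 203.0.113.10
        set server-type https
        set ssl-certificate "www-example-cert"
        # ssl-mode half = decrypt on the client side only; real servers receive HTTP.
        # ssl-mode full = decrypt, inspect, then re-encrypt towards the real servers.
        set ssl-mode half
        set ldb-method round-robin
        config realservers
            edit 1
                set ip 10.10.0.11
                set port 80
            next
            edit 2
                set ip 10.10.0.12
                set port 80
            next
        end
    next
end

config firewall policy
    edit 10
        set name "publish-www-example"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "vs-www-example"
        set action accept
        set schedule "always"
        set service "HTTPS"
        # Layer 2: proxy-mode UTM on the policy. The deep-inspection profile is
        # attached here for completeness, but the traffic handed to WAF/IPS was
        # already decrypted by the VS above, so there is no second decryption.
        set inspection-mode proxy
        set utm-status enable
        set ssl-ssh-profile "deep-inspection"
        set ips-sensor "default"
        set waf-profile "default"
    next
end
```

The useful check after applying a configuration like this is the backend: with `ssl-mode half` the real servers must listen on plain HTTP (port 80 above), while `ssl-mode full` lets them keep their own HTTPS listener because the FortiGate re-encrypts after inspection. In both modes the certificate the client sees is the one set on the VIP, which is why the same certificate appears in only one place in the working setup.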
Thanks again, Debbie. Again it is clearer, but I still need some deeper exercise to remove my rust.
Copyright 2024 Fortinet, Inc. All Rights Reserved.