Do I still need to turn up "full deep ssl inspection" in FortiGate if ssl inspection already works in virtual server? I did some tests and it turned out that if we have Virtual Server (so FortiGate behaves like a reverse-proxy) and certificate inspection in Firewall Policy, FortiGate able to block FULL URL adresses. For example hxxps://gmail.com/assdasd/123.
In logs only with certificate inspection I see hxxps://gmail.com/assdasd/123 (not just hxxps://gmail.com).
Hi Boris
Do you mean without deep inspection you can see and block a path/subdirectory, like example.com/abc/def?
Can you share screenshot of the firewall policy, VS config and the related logs?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1738 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.