Dear Sir,
I planning to implement the Fortigate Webfitler .
What is the effect to the Fortigate Webfilter if Full SSL Inspection is not enabled?
Without Full SSL Inspection, the function of the Webfilter is limited, as it cannot decrypt and analyse the whole URL inside the HTTPS connection, some harmful URL / Website cannot be blocked?
It is painful to install the Fortigate Certificate into huge amount of workstation manually. ..Is there alternative way to do the Webfilter task ?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
In fact without Deep Packet Inspection the URL filter cannot work. So the webfilter in this case can only check domain names against the FortiGuard cathegories since this information can be gathered out of the request without decrypting it. So this is the limit it then has.
Also all other UTM filters like IPS, AppControl or FileFilter etc will not work without DPI.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
I did further research , the windows GPO can help to install SSL certificate into computers. It is time to study GPO .
yes GPO or Intunes. That's the way we did it here.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Hello
Either you install FGT certificate on the client hosts with GPO, or you install your domain's sub CA certificate on the FortiGate.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1679 | |
1085 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.