Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dirkdigs
New Contributor

Created on ‎07-29-2014 12:08 PM

cant remove SSL inspection profile

I have a couple options on a few policy that I am not able to remove. Firmware 5.2 *profile-protocol-options Profile protocol options. *ssl-ssh-profile SSL SSH Profile. Does anyone know why I would not be able to remove them? I do not want to use SSL inspection profile.
12594
0 Kudos
11 REPLIES 11
dirkdigs
New Contributor

Created on ‎07-29-2014 12:39 PM

if i uncheck all other UTM features (AV, Web, APP, Email) in the policy then it allows me to turn off ssl/ssh inspection. as soon as a put any of them back it comes back by itself. i checked two different units (100d, f/w 5.2) and the behaviour was the same. can someone xplain this to me?
3421
0 Kudos
Warren_Olson_FTNT
Staff
Staff

Created on ‎07-30-2014 11:21 AM

I don' t know if I would classify this as a bug persay but I would open a ticket with support. You can still disable all the options within the profile and the certificate based check should only apply for webfiltering, which can be disabled in the webfilter profile anyway, so its probably not a big deal to leave it like that.
3421
0 Kudos
lightmoon1992
New Contributor

Created on ‎07-30-2014 11:35 AM

You may select SSL inspection profile by which you disable the inspection for the intended protocol. Mohammad

Mohammad Al-Zard

 

Mohammad Al-Zard
3421
0 Kudos
dirkdigs
New Contributor

Created on ‎07-30-2014 11:40 AM

here you can see it does not allow me to remove it.
Preview file
10 KB
3421
0 Kudos
lightmoon1992
New Contributor

Created on ‎07-30-2014 11:50 AM

but you still can select new profile " test for example" which is configured to disable SSL inspection for the intended protocol. attached screenshot illustrate the settings Mohammad

Mohammad Al-Zard

 

Mohammad Al-Zard
Preview file
62 KB
3421
0 Kudos
dirkdigs
New Contributor

Created on ‎07-30-2014 11:52 AM

my profile options look different. please take a look. which inspection method should i use?
Preview file
32 KB
3421
0 Kudos
lightmoon1992
New Contributor

Created on ‎07-30-2014 11:55 AM

You need to select " Full SSL inspection" radio box under the inspection method Mohammad

Mohammad Al-Zard

 

Mohammad Al-Zard
3421
0 Kudos
netmin
Contributor II

Created on ‎07-30-2014 12:58 PM

These changes in 5.2 are documented in the What' s New guide ... not an ideal design ... but not a bug as well.
If any security profile is used in a security policy, SSL inspection will automatically be enabled, at which point an SSL mode must be selected ...
3421
0 Kudos
dirkdigs
New Contributor

Created on ‎07-30-2014 02:00 PM

ok i still dont really know what it does. can anybody explain how it works?
3421
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.