Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dirkdigs
New Contributor

cant remove SSL inspection profile

I have a couple options on a few policy that I am not able to remove. Firmware 5.2 *profile-protocol-options Profile protocol options. *ssl-ssh-profile SSL SSH Profile. Does anyone know why I would not be able to remove them? I do not want to use SSL inspection profile.
11 REPLIES 11
dirkdigs
New Contributor

if i uncheck all other UTM features (AV, Web, APP, Email) in the policy then it allows me to turn off ssl/ssh inspection. as soon as a put any of them back it comes back by itself. i checked two different units (100d, f/w 5.2) and the behaviour was the same. can someone xplain this to me?
Warren_Olson_FTNT

I don' t know if I would classify this as a bug persay but I would open a ticket with support. You can still disable all the options within the profile and the certificate based check should only apply for webfiltering, which can be disabled in the webfilter profile anyway, so its probably not a big deal to leave it like that.
lightmoon1992
New Contributor

You may select SSL inspection profile by which you disable the inspection for the intended protocol. Mohammad

Mohammad Al-Zard

 

Mohammad Al-Zard
dirkdigs
New Contributor

here you can see it does not allow me to remove it.
lightmoon1992
New Contributor

but you still can select new profile " test for example" which is configured to disable SSL inspection for the intended protocol. attached screenshot illustrate the settings Mohammad

Mohammad Al-Zard

 

Mohammad Al-Zard
dirkdigs
New Contributor

my profile options look different. please take a look. which inspection method should i use?
lightmoon1992
New Contributor

You need to select " Full SSL inspection" radio box under the inspection method Mohammad

Mohammad Al-Zard

 

Mohammad Al-Zard
netmin
Contributor II

These changes in 5.2 are documented in the What' s New guide ... not an ideal design ... but not a bug as well.
If any security profile is used in a security policy, SSL inspection will automatically be enabled, at which point an SSL mode must be selected ...
dirkdigs
New Contributor

ok i still dont really know what it does. can anybody explain how it works?
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors