Hello,
I don't understand how I can disabled SSL when Web Filter is enable. I can't swich off. I can only switch off if I disabled web filter. Have you some idea ? I have Fortigate v. 5.2.1build618 (virtual appliance).
Thanks
M.
Hi,
In your policy under ssl/ssh inspection, select profile certificate inspection it will disable the "man in the middle" ssl inspection and only inspect the certificate and it will stop your ssl error in the web browser. SSL inspection is a good thing so you should be looking at deploying a certificate on the workstation in order to effectivelly use the full sll inspection.
If for some reason the "certificate inspection" profile was deleted you can create one under
Under Policy & objects - Policy - SSL/SSH Inspection
techevo wrote:Hi,
In your policy under ssl/ssh inspection, select profile certificate inspection it will disable the "man in the middle" ssl inspection and only inspect the certificate and it will stop your ssl error in the web browser. SSL inspection is a good thing so you should be looking at deploying a certificate on the workstation in order to effectivelly use the full sll inspection.
If for some reason the "certificate inspection" profile was deleted you can create one under
Under Policy & objects - Policy - SSL/SSH Inspection
Hello,
I set "certificate-inspection" but I have problem when I try see web as Facebook... I explain, if I accept Facebook, no problem, If I block it, I receive error and not Fortinet block page, normally I see it when I try surf on block website.
Any idea ??
Thanks
M.
Even when you use certificate inspection when the Fortigate displays the blocked page message, that page must be HTTPS, there is no way around this as the browser is expecting HTTPS, the Fortigate uses it's certificate for the blocked page.
Can I disable from the Policy IPv4 the SSL Inspection ? in this moment it's enable auto when I enable web filter, and I can't disable.
M.
The ability to disable SSL/SSH inspection when using a security profile was added in 5.2.1, as noted on page 16 of the What's New guide (http://docs.fortinet.com/uploaded/files/1912/PDF.pdf). You can disable inspection in the CLI, not the web-based manager.
config firewall policy edit <id> unset ssl-ssh-profile end end I just tested this and it does work; however, I noticed that when you view the policy in the web-based manager, it will show SSL inspection as enabled. However, using the show command in the CLI confirmed that it was disabled.
Technical Writer, FortiOS
Let me know if there's anything you want to see added to the FortiGate Cookbook.
Hi,
You can disable the SSH inspection in the GUI. If you are on the page where you view all your policies (section view or global view) if you right click on the SSH profile you will get a menu and you can select remove profile there.
But here is another problem and I do hope they sort this one out because it's annoying. When you go into the rule itself and you change something like source address or the service or anything that has nothing to with UTM, in fact now that i think about it you don't even have to change anything, as soon as you click the OK button the SSL Inspection profile is back. Even if you turn it off in the CLI.
If you open the rule in the GUI and click OK, SSL is back.
Anyway hope the tip helps to clean out those pesky ssl profiles :)
- FortiFr34k11
A bug has been made about the issue and is being worked on for future FortiOS releases.
Technical Writer, FortiOS
Let me know if there's anything you want to see added to the FortiGate Cookbook.
I am facing a similar issue on v6.0.2. On our enterprise portal instead of displaying the ssl CA which we bought, all browsers are pointing to the firewall s/n there by making the connection unsecured. Please how can this be resolved?
Same problem here...did you manage to workaround this problem?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.