Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

guest login and https

In a scenerio where users will be bringing there own mobile phones and would like to access internet. I have configured an interface connected to AP with a DHCP and with that interface I have allowed internet to be access outside with a couple of policies ( Url filtering, app etc).

To make blocking of HTTPS work we need to use deep scanning certificate. But the problem is that for that you also need to import that certificate to mobiles phones of each user. Has anyone got solution to this problem. I need HTTPS websites blocking on guest wireless users but cant put certificate in each of mobile which they bring in .


New Contributor III

If you are wiling to compromise, consider using SSL Certificate Inspection instead of Full SSL Inspection.  The compromise is that SSL Certificate Inspection does not allow FortiGate to analyze the full URL.  (We've deemed it an acceptable compromise for our guest traffic, but not for our employee traffic.)  See this article.



New Contributor

I understand that i cant use the deep inspection in this case. If i use the ssl inspection ( lower one) would I be able to block or other HTTPS websites. I believe even application inspection would not work properly if I use the SSL inspection instead of deep inspection. 


Do you have any idea how other vendors including Palo Alto, Cisco are implementing HTTPS inspection. Is it same ?



Contributor II

Palo Alto do full ssl inspection on the same way as Fortinet do.

Regards, Paulo Raponi

Regards, Paulo Raponi
Top Kudoed Authors