guest login and https

ciscomemo · ‎06-08-2015

In a scenerio where users will be bringing there own mobile phones and would like to access internet. I have configured an interface connected to AP with a DHCP and with that interface I have allowed internet to be access outside with a couple of policies ( Url filtering, app etc).

To make blocking of HTTPS work we need to use deep scanning certificate. But the problem is that for that you also need to import that certificate to mobiles phones of each user. Has anyone got solution to this problem. I need HTTPS websites blocking on guest wireless users but cant put certificate in each of mobile which they bring in .

xinger · ‎06-09-2015

If you are wiling to compromise, consider using SSL Certificate Inspection instead of Full SSL Inspection. The compromise is that SSL Certificate Inspection does not allow FortiGate to analyze the full URL. (We've deemed it an acceptable compromise for our guest traffic, but not for our employee traffic.) See this article.

http://cookbook.fortinet....ld-use-ssl-inspection/

ciscomemo · ‎06-10-2015

I understand that i cant use the deep inspection in this case. If i use the ssl inspection ( lower one) would I be able to block https://youtube.com or other HTTPS websites. I believe even application inspection would not work properly if I use the SSL inspection instead of deep inspection.

Do you have any idea how other vendors including Palo Alto, Cisco are implementing HTTPS inspection. Is it same ?

Thanks

pcraponi · ‎06-14-2015

Palo Alto do full ssl inspection on the same way as Fortinet do.

Regards, Paulo Raponi

guest login and https

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website