Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Ralph1973
Contributor

ssl offloading configuration

Hello,

Does anyone have configured ssl offloading on the fortigate? I have used the 'cookbook' but it doesn't explain too well how to configure half mode ssl server configuration.

 

I need to decrypt incoming https and forward this unencrypted to backend http server.

 

What I configured:

conf firewall policy

set dstaddr "vip-to-webserver"  => 157.52.x.x to 172.16.16.15

set service https

set webcache enable

set webcache-https ssl-server

 

and:

config wanopt ssl-server

edit webserver1

set ip 172.16.16.15

set port 443 

set ssl-mode half

set mapped-port 80

set ssl-cert <webserver certificate>

 

Please advise.

 

Thank you in advance,

 

Kind regards,

 

Ralph

1 Solution
dbarroco
New Contributor III

You already have it working, but in case you want to read this:

 

http://sysmagazine.com/posts/210582/

View solution in original post

2 REPLIES 2
Ralph1973
Contributor

Okay this works :)

The customers' web server didn't reply to http requests on port 80 and therefore it didn't work in the first place.

 

Thanks,

 

Ralph

dbarroco
New Contributor III

You already have it working, but in case you want to read this:

 

http://sysmagazine.com/posts/210582/

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors