Hi Vanc, In 5.2, you have new option under SSL inspection called SSL
certificate inspection besides the legacy Full SSL inspection. Skype
will not work under Full inspection as it really performs the man in the
middle, where in SSL certificate inspec...
Setup illustrated is doable. no doubt about it as i made it many times
in standalone and HA A-A scenario However, i really don' t recommend the
direct connectivity thing as the FortiGate wasn' t meant to be used as
switch " in fact it can do so" as s...
@JHamilton if i understood your sketch right, all what you need to do it
to make three VLANs reaching the FortiGate, right? if so, all what you
need to do is to define trunk on the FortiGare, on top of which you
create three VLAN interfaces with appr...
I believe you can do so with custom IPS signature. you may configure
http signature looking into HTTP.UPLOAD or HTTP.PUT (depending on the
application you are willing to block its traffic). just sniff the
traffic, drill down the exact commands used, ...
If it is a logical failure detected by DGD, you should see log stating
that gateway configured is not detected. if so, your ISP may be blocking
sensing protocol " like ICMP" toward some widely recognized IPs
(8.8.8.8, 8.8.4.4, etc) Mohammad
