
Carsten_Buchenau
New Contributor

SSL deep inspection requires many exceptions - normal?

Hi,

We recently enabled SSL deep inspection for HTTPS traffic, and we frequently encounter websites that would not work and need an exemption inside the deep-inspection profile via a wildcard-fqdn object.

This includes sites like linkedin.com. No problem when adding them via wildcard-fqdn to the exceptions list, or by adding more web-site categories as well.

Is this normal / expected? It appears we have to exempt a lot of major sites to work with deep inspection... 

Any comment / hint / best-practice advice is very welcome.

Carsten

Carsten Buchenau EDIFICE COMMUNICATIONS SA Lausanne, Switzerland

TxAggieEngineer
New Contributor

I've encountered the same thing, but the vast majority of sites work fine. I'll whitelist sites like backup services, banking, or other sites that use HSTS, but after a few weeks and getting over the initial hump, I rarely have to make edits.