Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ncmath
New Contributor

Created on ‎07-13-2022 12:42 AM

FortiADC - switching between client ssl profiles

Hi. We are migrating from Citrix Netscaler to FortiADC. On the netscaler we had client authentication ssl profile depending on which URL the client accessed, and being able to switch between them depending on what the accessed.

How do we change Client SSL profiles dynamically using the FortiADC scripting ?

Is there a list of internal referenced functions that can be used in the Scripts ? ie. LB::, SSL:: VS::.. 

On F5 you can do something like this:

when HTTP_REQUEST {

if {[HTTP::uri] starts_with "/uri1" || [HTTP::uri] starts_with "/uri2"} {
if {not [matchclass [IP::remote_addr] equals NOCERT_IP_LIST]} {
SSL::session invalidate
SSL::authenticate always
SSL::authenticate depth 9
SSL::cert mode require
set cmd "SSL::profile /Common/require_clientssl"
eval $cmd
SSL::renegotiate
event disable all
}
}
}

Labels:
284
0 Kudos
1 REPLY 1
Anonymous
Not applicable

Created on ‎07-15-2022 03:11 PM

Hello @ncmath ,
 
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
 
Thanks and regards,
274
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.