Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
romank
New Contributor III

Created on ‎03-21-2024 08:15 AM

FortiWeb - SNI settings

Hello,

Gotta question regarding ssl certificate and SNI configuration. Im gonna use SNI solution, do I need to setup "certificates" on main page when creating main policy? please see screenshot. From my point of view no, cuz all certs info will be pointed in SNI policy, but I wannabe sure. I did test scenario where I put  a cert there and SSL Labs showed me some errors, and sometimes I was getting "pr_end_of_file_error" - but im not sure if this was cuz of this. 

 waf1.png

rkr
rkr
Labels:
174
0 Kudos
2 REPLIES 2
AEK
SuperUser
SuperUser

Created on ‎03-21-2024 08:49 AM

Hi Romank

Used it few years ago so if I'm not wrong the Certificate field should be the default one it the requested domain name is not in the SNI. I'll try to double check this info.

AEK
AEK
162
shafiq23
Staff
Staff

Created on ‎04-05-2024 01:37 AM

Hello romank,

 

You can leave it blank as Client Hello contains SNI that would match domain name in the SNI policy associated in server policy.

 

"pr_end_of_file_error" error seems surrounding on TLS problem. You can try to enable only TLS 1.2 and 1.3 and test again.

 

Thanks.

 

Regards,

Shafiq

55
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.