Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
IShall
New Contributor

Created on ‎01-19-2019 07:05 PM

Fortigate replacing/altering certificate - SSL inspection problem ?

Hello,

I have installed a Fortigate (200E, 5.6.4) as an inline IPS (VDOM running in transparent mode).

Now when users attempt to connect to an SSL device through which the traffic is passing, the certificate is presented to the user as  coming from the Fortigate, not the correct valid certificate on the device.

 

What is causing this and how do I get around it ?

 

Kind regards,

IShall.

FGT310B MR3 Patch 15 FMGR MR3 Patch 8
FGT310B MR3 Patch 15 FMGR MR3 Patch 8
Labels:
2489
0 Kudos
1 REPLY 1
IShall
New Contributor

Created on ‎01-23-2019 05:57 PM

Found my issue, apparently is a bug in 5.6.4.

Default "certificate-inspection" profile when creating a transparent mode VDOM is "Full Inspection", not "Certificate Inspection". Was not looking closely enough :(

 

FGT310B MR3 Patch 15 FMGR MR3 Patch 8
FGT310B MR3 Patch 15 FMGR MR3 Patch 8
1277
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.