Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
che9992
New Contributor

Question about Certificate warning

Hello guys, we're currently using Fortigate 100D to block websites for out school student I understood that a certificate must be installed on a client device(student device like PC or ipad and android tablet pc ) to completely block the HTTPS site like youtube or facebook.. We installed a certificate on the student device every year but things changed ! There are now more than 250 students, and they have one or two devices. It is very difficult to install certificates on all student devices. Is there any possible way to automatically install certificates on devices that use our network ? like certificate server or something... Help me guys thanks a lot regards     spec Fortigate 100D v5.2.13,build762 (GA) 

1 REPLY 1
Paul_S
Contributor

Actually the Fortigate can block HTTPS sites without installing certificates on the client using certificate inspection versus full inspection. Full inspection is for inspecting the actual traffic for bad content to block (viruses, attacks, bad words, block some pages on a large site that is allowed, etc...)

 

If you need full inspection, then yes you need to get the certificate to their device to reduce the amount of certificate security warnings they will see.

 

If these are personal devices, then I am not sure a certificate server will help you. We will see what other say.  With such diverse devices it may be hard to get certificates to all of them.

 

Perhaps you could setup a captive portal style configuration with a landing page showing users how to install the certificate for their device type.

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x                   [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5  |  Fortimail 5.3.11 Network+, Security+

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
Labels
Top Kudoed Authors