Hi all

I'm experimenting with ssl protection ( fortigate 6.0.10 , vdom in proxy mode ) and getting mixed messages from pratice and documentation.

Protecting ssl server profile ( pssp ) seems capable of deep inspection, because a WAF profile ( applied to a policy with pssp ) can properly intercept http methods and urls ( only with VIP policy, interface to interface policy are unaffected by pssp )

If I understood correctly, the pssp serves a ssl certificate on behalf of the protected server, acting like a reverse proxy, and handles ( decyphers and filters : waf, antivirus, ecc ) the traffic between client and server; but only for vip a virtual servers.

Documentation only shows mulitple client connecting to multiple servers ( mcctms ) in full ssl inspection mode when speking about full inspection

Is there a way to serve a ssl certificate in a policy between two interfaces ? Must I create a vip between lan and dmz ?

Hum I'm not sure my logic is sound :)

TIA

Arcre