FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
rphulekar
Staff
Article Id 191778

Description

In FortiOS v5.2.x, when any of the UTM/Security profiles (Antivirus, Web Filter, etc.) is enabled, SSL inspection is automatically enabled as well by default.


Solution

This feature can only be disabled via the CLI (enabled by default):

config firewall policy
edit 2
show
unset ssl-ssh-profile     <------
show
end


For more information please refer to the relevant CLI reference guide.

If more than 2 firewall policies are needed with and without SSL inspection, a new SSL inspection profile named "dummy" can be created and applied quickly wherever it is needed, without going to the CLI and disabling SSL inspection manually.

Go to Policy > SSL inspection > click the + mark on the right-hand side > Name = dummy > choose Full inspection > disable all or some protocols, e.g. HTTPS, SMTPS, etc. > click OK to save the changes. (This profile is then a dummy and will not perform any port scanning.)

Now go to the firewall policy and use this new SSL inspection profile wherever it is needed.
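After unsetting the profile on some policies and attaching "dummy" to others, it helps to check offline which policies still inspect SSL traffic. The Python script below is an added example, not Fortinet code: the sample configuration, the profile name "corp-inspect", the hostname and the function names are constructed, and it assumes a configuration backup lists `set ssl-ssh-profile` only on policies that have a profile attached.

```python
import re

# Constructed sample of a FortiOS configuration backup (not from the article).
SAMPLE_CONFIG = """\
config firewall policy
    edit 1
        set av-profile "default"
        set ssl-ssh-profile "corp-inspect"
    next
    edit 2
        set webfilter-profile "default"
    next
    edit 3
        set av-profile "default"
        set ssl-ssh-profile "dummy"
    next
end
config system global
    set hostname "lab-fgt"
end
"""

def parse_policies(text):
    """Return {policy_id: {setting: value}} for the firewall policy section."""
    policies, current, depth = {}, None, 0
    for line in map(str.strip, text.splitlines()):
        if depth == 0:  # outside the section: wait for its header
            depth = 1 if line == "config firewall policy" else 0
        elif line.startswith("config "):
            depth += 1  # nested block inside a policy, skipped
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            current = policies.setdefault(int(line.split()[1]), {})
        elif depth == 1 and current is not None:
            m = re.match(r'set (\S+) "?([^"]*)"?$', line)  # single-value settings only
            if m:
                current[m.group(1)] = m.group(2)
    return policies

def audit(text, bypass_profiles=("dummy",)):
    """Map policy id -> (state, profile name, has a UTM profile attached)."""
    report = {}
    for pid, cfg in parse_policies(text).items():
        profile = cfg.get("ssl-ssh-profile")
        has_utm = "av-profile" in cfg or "webfilter-profile" in cfg
        state = ("unset" if profile is None else
                 "bypass-profile" if profile in bypass_profiles else "inspecting")
        report[pid] = (state, profile, has_utm)
    return report
```

Policies reported as "unset" or "bypass-profile" while a UTM profile is attached are the ones whose encrypted traffic is not being inspected, so they are the entries to review against the intended policy design.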
 

 
