DescriptionThis article explains how to configure the exemption of Windows updates from SSL inspection.
Refer to the related article for earlier FortiOS versions.
ScopeFortiOS v5.2.
SolutionThis can be configured through the FortiGate GUI.
- Go to Policy & Objects > Objects > Addresses > create address objects of type FQDN for each domain.
- Verify the FQDN address object status by running following CLI command;
# diagnose firewall fqdn list
Example :
# diagnose firewall fqdn list
List all FQDN:
windowsupdate.microsoft.com: ID(255) REF(1) ADDR(191.232.80.55) ADDR(65.55.50.157) ADDR(65.55.50.158) ADDR(65.55.50.189)
- Go to Policy & Objects > Policy > SSL/SSH Inspection > select Full SSL Inspection Profile > under "Exempt from SSL Inspection" add the Addresses that were previously entered in step 1.
Related Articles
Technical Note : FortiOS How to use SSL exemption for Microsoft Windows Updates